CVE-2026-4626

Name of the Vulnerable Software and Affected Versions projectworlds Lawyer Management System version 1.0

Description A flaw exists in projectworlds Lawyer Management System 1.0. The issue is related to cross site scripting, triggered by manipulating the Description argument in the /lawyer booking.php file. This can be exploited remotely. The exploit for this issue is publicly available.

Recommendations Apply any available updates or patches for projectworlds Lawyer Management System version 1.0. As a temporary workaround, sanitize the Description input to prevent script injection. Restrict access to the /lawyer booking.php file if possible.