PT-2026-7087 · Unknown · Code-Projects Online Reviewer System

Tiancesec

Publicado

2026-02-09

Atualizado

2026-02-09

CVE-2026-2224

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions code-projects Online Reviewer System version 1.0

Description A flaw exists in code-projects Online Reviewer System 1.0 that allows for cross site scripting. The issue is located in the file /system/system/admins/manage/users/btn functions.php, where manipulation of the firstname argument can trigger the attack. The attack can be launched remotely and the exploit is publicly available.

Recommendations Apply a fix to address the manipulation of the firstname argument in the /system/system/admins/manage/users/btn functions.php file.

Exploit

Correção

XSS

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79CWE-94

Identificadores relacionados

CVE-2026-2224

Produtos afetados

Code-Projects Online Reviewer System

PT-2026-7087 · Unknown · Code-Projects Online Reviewer System

CVE-2026-2224

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10