CVE-2026-26464

Name of the Vulnerable Software and Affected Versions Society Management System Portal version 1.0

Description A stored Cross-Site Scripting (XSS) issue exists in the /admin/edit user.php page. This allows remote attackers to inject and store arbitrary JavaScript code, which is then executed in users' browsers. The issue is exploitable through the name parameter in a POST HTTP request. Successful exploitation results in the execution of malicious scripts when affected content is viewed by other users, including administrators.

Recommendations Update to a newer version of Society Management System Portal to address this vulnerability. As a temporary workaround, sanitize the name parameter in the /admin/edit user.php page to prevent the injection of malicious scripts.