PT-2026-7087 · Unknown · Code-Projects Online Reviewer System
Tiancesec
·
Published
2026-02-09
·
Updated
2026-02-09
·
CVE-2026-2224
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
code-projects Online Reviewer System version 1.0
Description
A flaw exists in code-projects Online Reviewer System 1.0 that allows for cross site scripting. The issue is located in the file /system/system/admins/manage/users/btn functions.php, where manipulation of the
firstname argument can trigger the attack. The attack can be launched remotely and the exploit is publicly available.Recommendations
Apply a fix to address the manipulation of the
firstname argument in the /system/system/admins/manage/users/btn functions.php file.Exploit
Fix
XSS
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Code-Projects Online Reviewer System