CVE-2026-26464

MEDIUM

6.1

Descripcion

Stored Cross-Site Scripting (XSS) was found in the /admin/edit_user.php page of Society Management System Portal V1.0, which allows remote attackers to inject and store arbitrary JavaScript code that is executed in users' browsers. This vulnerability can be exploited via the name parameter in a POST HTTP request, leading to execution of malicious scripts when the affected content is viewed by other users, including administrators.

Detalles CVE

Puntuacion CVSS v3.16.1

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosNONE

Interaccion usuarioREQUIRED

Publicado2/23/2026

Ultima modificacion2/26/2026

Fuentenvd

Avistamientos honeypot0

Productos afectados

kashipara:society_management_system_portal

Debilidades (CWE)

CWE-79CWE-79

Referencias

https://github.com/0xBhushan/Writeups/blob/main/CVE/Kashipara/Society%20Management%20System%20Portal/Stored%20XSS-name.pdf(cve@mitre.org)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.