CVE-2026-26464

MEDIUM

6.1

Description

Stored Cross-Site Scripting (XSS) was found in the /admin/edit_user.php page of Society Management System Portal V1.0, which allows remote attackers to inject and store arbitrary JavaScript code that is executed in users' browsers. This vulnerability can be exploited via the name parameter in a POST HTTP request, leading to execution of malicious scripts when the affected content is viewed by other users, including administrators.

Details CVE

Score CVSS v3.16.1

SeveriteMEDIUM

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurREQUIRED

Publie2/23/2026

Derniere modification2/26/2026

Sourcenvd

Observations honeypot0

Produits affectes

kashipara:society_management_system_portal

Faiblesses (CWE)

CWE-79CWE-79

References

https://github.com/0xBhushan/Writeups/blob/main/CVE/Kashipara/Society%20Management%20System%20Portal/Stored%20XSS-name.pdf(cve@mitre.org)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.