216.73.217.86

CVE-2026-26464

· Published 23/02/2026 18:25 · Modified 24/02/2026 14:13

Labels: CVE-2026-26464 2026-02-23CVE-2026-26464[email protected]

Essential information

Published
23/02/2026 18:25
Modified
24/02/2026 14:13
Author
Creator
CVSS
6.1 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS metrics

Description

Stored Cross-Site Scripting (XSS) was found in the /admin/edit_user.php page of Society Management System Portal V1.0, which allows remote attackers to inject and store arbitrary JavaScript code that is executed in users' browsers. This vulnerability can be exploited via the name parameter in a POST HTTP request, leading to execution of malicious scripts when the affected content is viewed by other users, including administrators.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
* / society management system portal cpe:2.3:a:*:society_management_system_portal:1.0:*:*:*:*:*:*:*

References