CVE-2026-2214

code-projects for Plugin AdminAddAlbum.php cross site scripting

CVSS 4.8 MEDIUMEPSS 0.2%CWE-79 CWE-94

A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Produtos afetados

code-projects · for Plugin

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://code-projects.org/https://github.com/yuji0903/silver-guide/issues/9 https://vuldb.com/?ctiid.344930 https://vuldb.com/?id.344930 https://vuldb.com/?submit.752602