CVE-2026-13504
LOW
3.5
CVSS 3.1
Description
A vulnerability has been found in code-projects Project Management System 1.0. It affects unspecified code in the file /mail.php of the Mail Compose Page component. Manipulation of this component leads to cross-site scripting. The attack can be launched remotely. The exploit has been publicly disclosed and may be used.
Metadata
Severity & Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| code-projects | Project Management System | — | 1.0 |
CVSS scores (4)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 5.1 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
| 4.0 | N/D | 2.0 | cna | AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR |
| 3.5 | LOW | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R |
| 3.5 | LOW | 3.0 | cna | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R |
References (6)
- VDB-374499 | code-projects Project Management System Mail Compose mail.php cross site scripting https://vuldb.com/vuln/374499
- VDB-374499 | CTI Indicators (IOB, IOC, TTP, IOA) https://vuldb.com/vuln/374499/cti
- CVE-2026-13504 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-13504
- Submit #838683 | code-projects Project Management System 1.0 Cross Site Scripting https://vuldb.com/submit/838683
- https://github.com/MyMySSS/CVE123/blob/main/cve4/PMS_CVE_Submission.md
- https://code-projects.org/