Description

A vulnerability has been found in code-projects Project Management System 1.0. This vulnerability affects unknown code of the file /mail.php of the component Mail Compose Page. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

Severity (CVSS)

Base score5.1
SeverityMedium
VersionCVSS 4.0
VectorCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
Provided byCNA

Weaknesses

  • CWE-79 — Cross Site Scripting
  • CWE-94 — Code Injection

Affected products

VendorProductVersions
code-projectsProject Management System1.0

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 29 Jun 2026 07:08 UTC.