CVE-2026-26464
Last modified
CVE-2026-26464 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. Stored Cross-Site Scripting (XSS) was found in the /admin/edit_user.php page of Society Management System Portal V1.0, which allows remote attackers to inject and store arbitrary JavaScript code that is executed in users' browsers. This vulnerability can be exploited via the name parameter in a POST HTTP request, leading to execution of malicious scripts when the affected content is viewed by other users, including administrators.. EPSS estimates a 0.25% chance of exploitation in the next 30 days.
Description
Stored Cross-Site Scripting (XSS) was found in the /admin/edit_user.php page of Society Management System Portal V1.0, which allows remote attackers to inject and store arbitrary JavaScript code that is executed in users' browsers. This vulnerability can be exploited via the name parameter in a POST HTTP request, leading to execution of malicious scripts when the affected content is viewed by other users, including administrators.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Kashipara | Society Management System Portal | 1.0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2026-26464?
How severe is CVE-2026-26464?
How do I fix CVE-2026-26464?
Are you affected by CVE-2026-26464?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST