CVE-2026-26464

Medium CVSS: 6.1

Stored Cross-Site Scripting (XSS) was found in the /admin/edit_user.php page of Society Management System Portal V1.0, which allows remote attackers to inject and store arbitrary JavaScript code that is executed in users' browsers. This vulnerability can be exploited via the name parameter in a POST HTTP request, leading to execution of malicious scripts when the affected content is viewed by other users, including administrators.

Vendor

Kashipara

Product

Society Management System Portal

CWE

CWE-79

Yayın Tarihi

2026-02-23 18:25:51

Güncelleme

2026-02-26 23:16:34

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Society Management System Portal MEDIUM Kashipara 2026

Referanslar

https://github.com/0xBhushan/Writeups/blob/main/CVE/Kashipara/Society%20Management%20System%20Portal/Stored%20XSS-name.pdf

Benzer Kayıtlar

Medium

CVE-2024-44651

Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the recover_email parameter in user_password_recover.…

Medium

CVE-2024-44653

Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email parameter in user_login.php.

Medium

CVE-2024-44652

Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email, username, user_firstname, user_lastna…

Medium

CVE-2024-46334

kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the formuser and formpassword par…

Medium

CVE-2024-46336

kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php.

Medium

CVE-2025-26158

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the manage-employee.php page of Kashipara Online Att…