Description
A weakness has been identified in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file admin/view-users.php. Executing a manipulation of the argument User can lead to cross site scripting. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
Problem types
Product status
Timeline
| 2026-07-03: | Advisory disclosed |
| 2026-07-03: | VulDB entry created |
| 2026-07-03: | VulDB entry last update |
Credits
SSL_Seven_Security_Lab_WangZhiQiang_ZhanXiuChen (VulDB User)
References
vuldb.com/vuln/376169 (VDB-376169 | code-projects Assessment Management view-users.php cross site scripting)
vuldb.com/vuln/376169/cti (VDB-376169 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/cve/CVE-2026-14655 (CVE-2026-14655 | CVE Analysis and Report)
vuldb.com/submit/846714 (Submit #846714 | Assessment Management System admin/view-users.php Stored XSS Vulnerability v1.0 Stored XSS)
github.com/zzzxc643/CVE1/blob/main/assessment/vul3.md
code-projects.org/