CVE Catalog

CVE-2026-13504

Low · CVSS 3.5

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

A cross-site scripting (XSS) vulnerability was found in code-projects Project Management System 1.0, in the /mail.php file of the Mail Compose Page component. The attack can be performed remotely, and exploit details are publicly available.

Risk Assessment

An attacker can inject a malicious script, potentially leading to session theft, redirects, or displaying fake content to system users.

Recommendation

Immediately update the system to the latest version or apply a security patch. Additionally, implement input validation and sanitization in the /mail.php file.

Original NVD description (English source)

A vulnerability has been found in code-projects Project Management System 1.0. This vulnerability affects unknown code of the file /mail.php of the component Mail Compose Page. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS