CVE Catalog

CVE-2026-13567

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Summary

A cross-site scripting vulnerability has been discovered in code-projects Online Music Site 1.0 in the file /Frontend/Feedback.php. Manipulation of the fname, femail, faddress, or fmessage arguments allows remote injection of malicious scripts.

Risk Assessment

An attacker can exploit this vulnerability to steal user sessions, redirect to malicious sites, or steal sensitive data, posing a risk to the organization and its customers.

Recommendation

Immediately update the application to the latest version or apply a patch that prevents XSS, such as input validation and output encoding.

Original NVD description (English source)

A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST Request Handler. The manipulation of the argument fname/femail/faddress/fmessage results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS