CVE-2026-14655
LowCVSS 2.4Exploitation Probability (EPSS)
Low risk27th percentile — higher than 27% of all known CVEs
Summary
A cross-site scripting vulnerability has been found in Assessment Management 1.0 in the admin/view-users.php file. Manipulation of the User argument can lead to script execution in the browser. The attack is remotely exploitable and the exploit is publicly available.
Risk Assessment
The risk involves potential injection of malicious scripts, which could lead to session hijacking, redirection to malicious sites, or other actions on the victim's account.
Recommendation
Immediately update the software to the latest version or apply a security patch. Additionally, validate and sanitize input data in the admin/view-users.php file.
Original NVD description (English source)
A weakness has been identified in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file admin/view-users.php. Executing a manipulation of the argument User can lead to cross site scripting. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

