CVE Catalog

CVE-2026-14655

LowCVSS 2.4
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.35%

27th percentile — higher than 27% of all known CVEs

Summary

A cross-site scripting vulnerability has been found in Assessment Management 1.0 in the admin/view-users.php file. Manipulation of the User argument can lead to script execution in the browser. The attack is remotely exploitable and the exploit is publicly available.

Risk Assessment

The risk involves potential injection of malicious scripts, which could lead to session hijacking, redirection to malicious sites, or other actions on the victim's account.

Recommendation

Immediately update the software to the latest version or apply a security patch. Additionally, validate and sanitize input data in the admin/view-users.php file.

Original NVD description (English source)

A weakness has been identified in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file admin/view-users.php. Executing a manipulation of the argument User can lead to cross site scripting. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS