CVE Catalog

CVE-2026-14656

MediumCVSS 4.3
Published: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.44%

36th percentile — higher than 36% of all known CVEs

Summary

A cross-site scripting vulnerability was found in Assessment Management 1.0 in /admin/remove-user.php. Manipulation of the ID argument allows remote script execution. The exploit is publicly available.

Risk Assessment

An attacker can inject malicious scripts, leading to session theft, redirects, or data theft from users.

Recommendation

Immediately update the system to the latest version or apply input filtering for the ID argument in /admin/remove-user.php.

Original NVD description (English source)

A security vulnerability has been detected in code-projects Assessment Management 1.0. This affects an unknown part of the file /admin/remove-user.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS