cvedb.io
CVE-2026-26464
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2026-02-23T18:25:51.630 · Last modified 2026-06-17T10:26:11.660

Summary

Stored Cross-Site Scripting (XSS) was found in the /admin/edit_user.php page of Society Management System Portal V1.0, which allows remote attackers to inject and store arbitrary JavaScript code that is executed in users' browsers. This vulnerability can be exploited via the name parameter in a POST HTTP request, leading to execution of malicious scripts when the affected content is viewed by other users, including administrators.

Affected products

kashipara — society_management_system_portal

Does this affect you?

Add your gear to cvedb and we'll alert you only when kashipara ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.