CVE-2022-26295

MEDIUM

Online Project Time Management System v1.0 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-26295. PoCs published by Felipe Alcantara.

AI-analyzed exploit summary This exploit demonstrates multiple stored XSS vulnerabilities in the Online Project Time Management System 1.0. It includes HTTP requests with malicious payloads injected into user fields and system settings, which are executed when the data is rendered.

Description

A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field.

Exploits (1)

exploitdb WORKING POC

by Felipe Alcantara · textwebappsphp

https://www.exploit-db.com/exploits/50683

View Code ZIP pw:eip

This exploit demonstrates multiple stored XSS vulnerabilities in the Online Project Time Management System 1.0. It includes HTTP requests with malicious payloads injected into user fields and system settings, which are executed when the data is rendered.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Online Project Time Management System 1.0

Auth required

Prerequisites: Authenticated access as an employee or admin · Ability to modify user or system settings

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/50683

Scores

CVSS v3 5.4

EPSS 0.0057

EPSS Percentile 42.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

online_project_time_management_system_project/online_project_time_management_system 1.0

Published Mar 16, 2022

Tracked Since Feb 18, 2026