CVE-2026-14656

MEDIUM

code-projects Assessment Management remove-user.php cross site scripting

Title source: cna
STIX 2.1

Description

A security vulnerability has been detected in code-projects Assessment Management 1.0. This affects an unknown part of the file /admin/remove-user.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

References (6)

Core 6
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-376170 | code-projects Assessment Management remove-user.php cross site scripting
https://vuldb.com/vuln/376170
Signature, Permissions Required signature permissions-required
VDB-376170 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/376170/cti
Third Party Advisory third-party-advisory
CVE-2026-14656 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-14656
Third Party Advisory third-party-advisory
Submit #846715 | Assessment Management System admin/remove-user.php Reflected XSS Vulnerability v1.0 Reflected XSS
https://vuldb.com/submit/846715
Product product
https://code-projects.org/

Scores

CVSS v3 4.3
EPSS 0.0044
EPSS Percentile 35.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-79 CWE-94
Status published
Products (1)
code-projects/Assessment Management 1.0
Published Jul 04, 2026
Tracked Since Jul 05, 2026