CVE-2026-38931

MEDIUM

creatorsofcode simplephp - Stored Cross-Site Scripting in /admin/config-module.php

Title source: llm

Description

A stored cross-site scripting (XSS) vulnerability in the /admin/config-module.php component of creatorsofcode simplephp GitHub commit 5184cff (Latest as of 2026-02-27) via injecting a crafted payload.

References (3)

Core 3

Core References

http://creatorsofcode.com

http://simplephp.com

https://moworn.github.io/post/cve-2026-38931/

Scores

CVSS v3 5.4

EPSS 0.0021

EPSS Percentile 10.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Published May 27, 2026

Tracked Since May 27, 2026