CVE-2026-6003

LOW

code-projects Simple IT Discussion Forum user.php cross site scripting

Title source: cna

Description

A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /admin/user.php. Such manipulation of the argument fname leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

References (5)

Scores

CVSS v3 2.4
EPSS 0.0003
EPSS Percentile 8.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-79 CWE-94
Status published
Products (1)
code-projects/Simple IT Discussion Forum 1.0
Published Apr 10, 2026
Tracked Since Apr 10, 2026