CVE-2026-0586 — Cross-site Scripting in Online Product Reservation System

CWE-79 — Cross-site Scripting CWE-94 — Code Injection3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 78.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Code-projects Online Product Reservation System Fabian Online Product Reservation System

Timeline

PublishedJan 5

Description

A vulnerability was detected in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file handgunner-administrator/prod.php. Performing a manipulation of the argument cat results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5code-projects/online_product_reservation_system1.0

▶NVDfabian/online_product_reservation_system1.0

🔴Vulnerability Details

CVEList

code-projects Online Product Reservation System prod.php cross site scripting↗2026-01-05

▶

GHSA

GHSA-5hgf-7jfc-7xx5: A vulnerability was detected in code-projects Online Product Reservation System 1↗2026-01-05

▶