CVE-2026-2214Cross-site Scripting in FOR Plugin

CWE-79Cross-site ScriptingCWE-94Code Injection3 documents3 sources
Severity
4.8MEDIUMNVD
EPSS
0.0%
top 89.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Code-projects FOR PluginFabian Online Music Site
Timeline
PublishedFeb 9

Description

A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
code-projects for Plugin AdminAddAlbum.php cross site scripting2026-02-09
GHSA
GHSA-h4q7-r4fx-5q4m: A weakness has been identified in code-projects for Plugin 12026-02-09
CVE-2026-2214 — Cross-site Scripting in FOR Plugin | cvebase