CVE-2026-4835

CWE-79Cross-site Scripting (XSS)CWE-94Code Injection3 documents3 sources
Severity
5.1MEDIUM
EPSS
0.0%
top 91.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Code-projects Accounting System
Timeline
PublishedMar 26

Description

A security vulnerability has been detected in code-projects Accounting System 1.0. Impacted is an unknown function of the file /my_account/add_costumer.php of the component Web Application Interface. Such manipulation of the argument costumer_name leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-w43v-pfh7-6jqq: A security vulnerability has been detected in code-projects Accounting System 12026-03-26
CVEList
code-projects Accounting System Web Application add_costumer.php cross site scripting2026-03-26
CVE-2026-4835 (MEDIUM CVSS 5.1) | A security vulnerability has been d | cvebase.io