CVE-2026-6159

CWE-79Cross-site Scripting (XSS)CWE-94Code Injection4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.0%
top 90.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Code-projects Simple Chatbox
Timeline
PublishedApr 13

Description

A vulnerability has been found in code-projects Simple ChatBox up to 1.0. Affected by this vulnerability is an unknown functionality of the file /chatbox/insert.php of the component Endpoint. Such manipulation of the argument msg leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-hh82-cfxx-fmf9: A vulnerability has been found in code-projects Simple ChatBox up to 12026-04-13
CVEList
code-projects Simple ChatBox Endpoint insert.php cross site scripting2026-04-13
VulDB
code-projects Simple ChatBox up to 1.0 Endpoint /chatbox/insert.php msg cross site scripting2026-04-12
CVE-2026-6159 (MEDIUM CVSS 5.3) | A vulnerability has been found in c | cvebase.io