PatchSiren cyber security CVE debrief
CVE-2026-13504 code-projects CVE debrief
CVE-2026-13504 is a cross-site scripting vulnerability found in the Project Management System 1.0. The vulnerability affects the mail compose page, located at /mail.php, and allows an attacker to inject malicious scripts. The attack can be performed remotely, and the exploit has been publicly disclosed. The CVSS score for this vulnerability is 2, indicating a low severity. The vulnerability was published on June 28, 2026, and has not been modified since then. Evidence suggests that the vendor is unknown, and the product name is not specified. Limited source metadata is available, and further investigation is required to determine the full scope of the vulnerability.
- Vendor: code-projects
- Product: Project Management System
- CVSS: LOW 2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-28
- Original CVE updated: 2026-06-28
- Advisory published: 2026-06-28
- Advisory updated: 2026-06-28
Who should care
Security teams responsible for managing and securing Project Management System 1.0 should be aware of this vulnerability. Additionally, developers and administrators who oversee the deployment and maintenance of this system should take necessary precautions to prevent exploitation. Organizations using this system should prioritize patching or mitigating this vulnerability to prevent potential attacks.
Technical summary
This is a cross-site scripting (XSS) vulnerability in Project Management System 1.0. The affected file is /mail.php, which is part of the mail compose page. An attacker can inject malicious scripts into this page, potentially leading to unauthorized actions or data theft. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. The weaknesses associated with this vulnerability are CWE-79 and CWE-94.
Defensive priority
Given the low CVSS score, this vulnerability is not considered high-priority. However, security teams should still take necessary precautions to prevent exploitation, especially if the system is widely used or contains sensitive data. It is recommended to patch or mitigate this vulnerability as soon as possible.
Recommended defensive actions
- Review and update the Project Management System 1.0 to ensure the latest security patches are applied.
- Implement additional security measures, such as input validation and output encoding, to prevent XSS attacks.
- Monitor the system for suspicious activity and implement logging and incident response plans.
- Consider replacing the system with a more secure alternative if it is no longer supported by the vendor.
- Perform regular security audits and vulnerability assessments to identify potential weaknesses.
Evidence notes
The evidence for this vulnerability is limited, and further investigation is required to determine the full scope of the vulnerability. The CVE record and NVD detail provide some information, but additional sources, such as vendor statements or security advisories, may be necessary to fully understand the vulnerability. The exploit has been publicly disclosed, which increases the risk of exploitation.
This article is AI-assisted and based on the supplied source corpus.