PatchSiren cyber security CVE debrief
CVE-2026-14655 code-projects CVE debrief
A low-severity cross-site scripting vulnerability has been identified in Code-Projects Assessment Management 1.0. The vulnerability affects an unknown functionality of the file admin/view-users.php and can be exploited remotely. The exploit has been made publicly available and could be used for attacks. The CVSS score for this vulnerability is 1.9, indicating a low severity. The vulnerability was published on July 4, 2026, and has not been modified since then. Evidence suggests that the vendor is unknown, and the product name is not specified.
- Vendor
- code-projects
- Product
- Assessment Management
- CVSS
- LOW 1.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-04
- Original CVE updated
- 2026-07-04
- Advisory published
- 2026-07-04
- Advisory updated
- 2026-07-04
Who should care
Security teams responsible for web applications, particularly those using Code-Projects Assessment Management 1.0, should be aware of this vulnerability. Although the severity is low, the public availability of the exploit increases the risk of attacks. Organizations using this software should review their inventory and consider applying patches or mitigations.
Technical summary
The vulnerability is a cross-site scripting (XSS) issue in the admin/view-users.php file of Code-Projects Assessment Management 1.0. The vulnerability can be exploited by manipulating the 'User' argument, allowing attackers to inject malicious scripts. The attack can be performed remotely, and the exploit has been made publicly available. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. The weakness is classified under CWE-79 and CWE-94.
Defensive priority
Given the low severity and public availability of the exploit, security teams should prioritize reviewing their inventory of Code-Projects Assessment Management 1.0 instances and consider applying patches or mitigations. Compensating controls, such as web application firewalls, may also be effective in mitigating this vulnerability.
Recommended defensive actions
- Review inventory of Code-Projects Assessment Management 1.0 instances
- Apply patches or mitigations if available
- Consider compensating controls such as web application firewalls
- Monitor for suspicious activity related to this vulnerability
- Perform regular vulnerability assessments and penetration testing
Evidence notes
The CVE record and NVD detail provide information on the vulnerability, including its severity, exploitability, and potential impact. The source item URL provides additional context on the vulnerability, including references to external sources. However, the vendor and product name are not specified, making it challenging to determine the affected scope.
Official resources
This article is AI-assisted and based on the supplied source corpus.