PatchSiren cyber security CVE debrief
CVE-2026-14656 code-projects CVE debrief
CVE-2026-14656 is a cross-site scripting (XSS) vulnerability in Code-Projects Assessment Management 1.0. It affects an unknown part of the file /admin/remove-user.php: manipulating the ID argument leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The CVSS score for this vulnerability is 2.1, indicating low severity.
- Vendor: code-projects
- Product: Assessment Management
- CVSS: LOW 2.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-07-04
- Original CVE updated: 2026-07-04
- Advisory published: 2026-07-04
- Advisory updated: 2026-07-04
Who should care
Teams running Code-Projects Assessment Management 1.0 should be aware of this cross-site scripting vulnerability, which may allow remote attackers to inject malicious scripts into the application. Although the CVSS score is low, defenders should still take precautions against it.
Technical summary
CVE-2026-14656 is a cross-site scripting vulnerability in Code-Projects Assessment Management 1.0. It is located in the /admin/remove-user.php file and is triggered by manipulation of the ID argument. An attacker can initiate the attack remotely, and the exploit has been publicly disclosed. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
Defenders should prioritize patching this vulnerability to prevent cross-site scripting attacks. Although the CVSS score is low, precautions are still warranted.
Recommended defensive actions
- Patch the vulnerable Code-Projects Assessment Management 1.0 application
- Restrict access to the /admin/remove-user.php file
- Implement input validation and sanitization for the ID argument
- Monitor the application for potential cross site scripting attacks
- Consider implementing a web application firewall to detect and prevent attacks
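One way to implement the monitoring item above, as an added example that is not part of the advisory or of the project's code: a Python check over web access logs that flags requests to /admin/remove-user.php whose ID value is not a plain integer. It assumes common/combined-format access logs, that the argument travels in the query string, and that legitimate ID values are short decimal integers; the advisory states none of these, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

TARGET_PATH = "/admin/remove-user.php"  # file named in the advisory
PARAM = "id"  # the advisory calls the argument "ID"; matched case-insensitively

# Request line inside a common/combined log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')
# Assumption (not from the advisory): legitimate IDs are short decimal integers
NUMERIC_RE = re.compile(r"[0-9]{1,10}")


def suspicious_id_values(log_line):
    """Return the decoded ID values in this log line that are not plain integers."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    if parts.path.lower() != TARGET_PATH:
        return []
    # parse_qsl percent-decodes, so encoded markup is checked in decoded form
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    return [v for k, v in pairs if k.lower() == PARAM and not NUMERIC_RE.fullmatch(v)]


def scan(lines):
    """Yield (line_number, client_ip, bad_values) for each flagged log line."""
    for n, line in enumerate(lines, 1):
        bad = suspicious_id_values(line)
        if bad:
            yield n, line.split(" ", 1)[0], bad


# Constructed sample log lines (documentation-range IPs, not real traffic)
SAMPLE_LOG = [
    '198.51.100.7 - - [04/Jul/2026:10:00:01 +0000] "GET /admin/remove-user.php?ID=12 HTTP/1.1" 200 512',
    '198.51.100.9 - - [04/Jul/2026:10:00:05 +0000] "GET /admin/remove-user.php?ID=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 530',
    '198.51.100.9 - - [04/Jul/2026:10:00:09 +0000] "GET /admin/users.php?ID=%3Cb%3E HTTP/1.1" 200 400',
    '203.0.113.4 - - [04/Jul/2026:10:01:00 +0000] "GET /admin/remove-user.php?id=7&ID=abc HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for n, ip, bad in scan(SAMPLE_LOG):
        print(f"line {n}: {ip} sent non-numeric ID value(s): {bad!r}")
```

Requests that carry the argument in a POST body do not appear in standard access logs, so this check covers query-string delivery only.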
Evidence notes
The CVE-2026-14656 vulnerability was detected in Code-Projects Assessment Management 1.0. It affects an unknown part of the file /admin/remove-user.php: manipulating the ID argument leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The CVSS score for this vulnerability is 2.1, indicating low severity.
This article is AI-assisted and based on the supplied source corpus.