PatchSiren cyber security CVE debrief

CVE-2026-14656 code-projects CVE debrief

CVE-2026-14656 is a cross-site scripting (XSS) vulnerability in Code-Projects Assessment Management 1.0. It affects an unknown part of the file /admin/remove-user.php: manipulating the ID argument leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The CVSS score is 2.1, indicating low severity.

Vendor: code-projects
Product: Assessment Management
CVSS: LOW 2.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-07-04
Original CVE updated: 2026-07-04
Advisory published: 2026-07-04
Advisory updated: 2026-07-04

Who should care

Defenders of Code-Projects Assessment Management 1.0 should be aware of this cross-site scripting vulnerability, which may allow remote attackers to inject malicious scripts into the application. Although the CVSS score is low, defenders should still take precautions against potential attacks.

Technical summary

CVE-2026-14656 is a cross-site scripting vulnerability in Code-Projects Assessment Management 1.0. It is located in the /admin/remove-user.php file and is triggered by manipulating the ID argument. An attacker can initiate the attack remotely, and the exploit has been publicly disclosed. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. The base metrics describe a network-reachable attack (AV:N) that needs no privileges (PR:N) but does need passive user interaction (UI:P), with a low impact on integrity only (VI:L); E:P marks proof-of-concept exploit maturity.

Defensive priority

Defenders should prioritize patching this vulnerability to prevent cross-site scripting attacks. Although the CVSS score is low, it is still important to take precautions.

Recommended defensive actions

  • Patch the vulnerable Code-Projects Assessment Management 1.0 application
  • Restrict access to the /admin/remove-user.php file
  • Implement input validation and sanitization for the ID argument
  • Monitor the application for potential cross-site scripting attacks
  • Consider implementing a web application firewall to detect and prevent attacks
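
One way to act on the monitoring item above, as an added example (not code from the advisory or from the code-projects application): a Python scan of web access logs that flags requests to /admin/remove-user.php whose ID value is not a plain integer. It assumes the ID is a numeric user identifier sent in the query string and that the server writes common/combined log format; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: common/combined log format; only the quoted request line is parsed.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
WATCHED_PATH = "/admin/remove-user.php"  # file named in the advisory
WATCHED_PARAM = "id"                     # argument named in the advisory (matched case-insensitively)
# Assumption: a legitimate ID is a short run of digits and nothing else.
VALID_ID_RE = re.compile(r"\d{1,10}")


def suspicious_requests(lines):
    """Return (line_number, decoded_value) for watched requests whose ID is not a plain integer."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        parts = urlsplit(match.group("target"))
        if parts.path.lower() != WATCHED_PATH:
            continue
        # parse_qsl percent-decodes values, so encoded markup is compared in decoded form.
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key.lower() == WATCHED_PARAM and not VALID_ID_RE.fullmatch(value):
                hits.append((number, value))
    return hits


# Constructed sample lines (documentation IP range, harmless markup as the odd value).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Jul/2026:10:00:01 +0000] "GET /admin/remove-user.php?id=17 HTTP/1.1" 200 512',
    '192.0.2.11 - - [04/Jul/2026:10:00:05 +0000] "GET /admin/remove-user.php?ID=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 540',
    '192.0.2.12 - - [04/Jul/2026:10:00:09 +0000] "GET /admin/users.php?id=abc HTTP/1.1" 200 300',
    '192.0.2.13 - - [04/Jul/2026:10:00:12 +0000] "GET /admin/remove-user.php?id=17%20 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: non-numeric ID value {value!r}")
```

Values sent in a POST body do not appear in access logs, so this check covers query-string requests only.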

Evidence notes

The CVE-2026-14656 vulnerability was detected in Code-Projects Assessment Management 1.0. The vulnerability affects an unknown part of the file /admin/remove-user.php. Manipulation of the ID argument leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The CVSS score for this vulnerability is 2.1, indicating low severity.

This article is AI-assisted and based on the supplied source corpus.