MEDIUM
creatorsofcode
CVE published 2026-05-27
CVE-2026-38931
A stored cross-site scripting (XSS) vulnerability exists in the /admin/config-module.php component of creatorsofcode simplephp, specifically in GitHub commit 5184cff (latest as of 2026-02-27). The vulnerability allows an attacker with low privileges to inject a crafted payload that executes in the context of another user's browser session. The CVSS 3.1 score of 5.4 (MEDIUM) reflects network attack vector, [truncated]