CVE-2026-13504
Low, CVSS 3.5
Exploitation Probability (EPSS): Low risk, 10th percentile (higher than 10% of all known CVEs)
Summary
A cross-site scripting vulnerability was found in Project Management System 1.0 in the /mail.php file (Mail Compose Page). The attack can be performed remotely and exploit details are publicly available.
Risk Assessment
An attacker can inject a malicious script, potentially leading to session theft, redirects, or displaying fake content to system users.
Recommendation
Immediately update the system to the latest version or apply a security patch. Additionally, implement input validation and sanitization in the /mail.php file.
Original NVD description (English source)
A vulnerability has been found in code-projects Project Management System 1.0. This vulnerability affects unknown code of the file /mail.php of the component Mail Compose Page. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

