CVE-2026-14656
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk36th percentile — higher than 36% of all known CVEs
Summary
A cross-site scripting vulnerability was found in Assessment Management 1.0 in /admin/remove-user.php. Manipulation of the ID argument allows remote script execution. The exploit is publicly available.
Risk Assessment
An attacker can inject malicious scripts, leading to session theft, redirects, or data theft from users.
Recommendation
Immediately update the system to the latest version or apply input filtering for the ID argument in /admin/remove-user.php.
Original NVD description (English source)
A security vulnerability has been detected in code-projects Assessment Management 1.0. This affects an unknown part of the file /admin/remove-user.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

