CVE-2026-2222

CVE Database · CVE-2026-2222

CVE-2026-2222

· LOWAnalyzed

CVSS v3.1

2.4

CVSS v4.0

1.9

EPSS

0.21%

Published

Feb 9, 2026

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btn_functions.php. Executing a manipulation of the argument firstname can lead to cross site scripting. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Weaknesses (CWE)

CWE-79CWE-94CWE-79

Affected Products (1)

fabian · online_reviewer_systemvulnerable

References (5)

https://code-projects.org/

Product

https://github.com/tiancesec/CVE/issues/23

ExploitIssue Tracking

https://vuldb.com/?ctiid.344939

Permissions RequiredVDB Entry

https://vuldb.com/?id.344939

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.750026

Third Party AdvisoryVDB Entry

KEV Catalog EPSS Scores Vendors All CVEs