CVE-2026-4969

CVE Database · CVE-2026-4969

CVE-2026-4969

· LOWDeferred

CVSS v3.1

3.5

CVSS v4.0

2.0

EPSS

0.19%

Published

Mar 27, 2026

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability was identified in code-projects Social Networking Site 1.0. The impacted element is an unknown function of the file /home.php of the component Alert Handler. The manipulation of the argument content leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Weaknesses (CWE)

CWE-79CWE-94

References (5)

https://code-projects.org/

https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Stored%20Cross-Site%20Scripting%20(XSS)%20in%20PHP%20Social%20Networking%20Site.md

https://vuldb.com/?ctiid.353856

https://vuldb.com/?id.353856

https://vuldb.com/?submit.777815

KEV Catalog EPSS Scores Vendors All CVEs