CVE-2026-7095

CVE Database · CVE-2026-7095

CVE-2026-7095

· MEDIUMDeferred

CVSS v3.1

4.3

CVSS v4.0

2.1

EPSS

0.27%

Published

Apr 27, 2026

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability was identified in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Weaknesses (CWE)

CWE-79CWE-94

References (6)

https://code-projects.org/

https://github.com/zzzxc643/CVE1/blob/main/EMPLOYEE_MANAGEMENT_SYSTEM/vul2.md

https://vuldb.com/submit/800726

https://vuldb.com/submit/800834

https://vuldb.com/vuln/359670

https://vuldb.com/vuln/359670/cti

KEV Catalog EPSS Scores Vendors All CVEs