EUVD-2026-16080
GHSA-w43v-pfh7-6jqq
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A security vulnerability has been detected in code-projects Accounting System 1.0. Impacted is an unknown function of the file /my_account/add_costumer.php of the component Web Application Interface. Such manipulation of the argument costumer_name leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
Analysis
A stored cross-site scripting (XSS) vulnerability exists in code-projects Accounting System 1.0 within the customer management interface (/my_account/add_costumer.php), where the costumer_name parameter fails to properly sanitize user input. Attackers with low privileges and user interaction can inject malicious JavaScript that will execute in the browsers of other users viewing the affected page, potentially leading to session hijacking, credential theft, or unauthorized actions within the accounting system. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Verify Content-Security-Policy and output encoding.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today