CVE-2026-6003

| EUVD-2026-21284 MEDIUM
2026-04-10 VulDB
4.8
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
P
Scope
X

Lifecycle Timeline

4
PoC Detected
Apr 10, 2026 - 03:16 vuln.today
Public exploit code
Analysis Generated
Apr 10, 2026 - 02:45 vuln.today
EUVD ID Assigned
Apr 10, 2026 - 02:45 euvd
EUVD-2026-21284
CVE Published
Apr 10, 2026 - 02:15 nvd
MEDIUM 4.8

Tags

XSS Simple It Discussion Forum

Description

A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /admin/user.php. Such manipulation of the argument fname leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

Analysis

Stored cross-site scripting (XSS) in code-projects Simple IT Discussion Forum 1.0 allows authenticated remote attackers with administrative privileges to inject malicious scripts via the fname parameter in /admin/user.php, affecting user interactions through reflected XSS. The vulnerability has a CVSS score of 2.4 but carries a public exploit, though the low CVSS reflects the requirement for high-privilege authentication and user interaction to trigger the payload.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

44
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +24
POC: +20

Share

CVE-2026-6003 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy