Skip to main content

Online Music Site

1 CVEs product

Monthly

CVE-2026-13567 LOW POC Monitor

Cross-site scripting in code-projects Online Music Site 1.0 allows unauthenticated remote attackers to inject malicious scripts via the feedback form's fname, femail, faddress, or fmessage parameters handled by /Frontend/Feedback.php. The CVSS 4.0 score of 2.1 (Low) reflects the UI:P requirement - a victim must interact with the crafted content for the payload to execute, limiting autonomous exploitation. A public proof-of-concept is available via GitHub, though no confirmed active exploitation (CISA KEV) has been recorded.

XSS PHP Online Music Site
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.3%
EPSS 0% CVSS 2.1
LOW POC Monitor

Cross-site scripting in code-projects Online Music Site 1.0 allows unauthenticated remote attackers to inject malicious scripts via the feedback form's fname, femail, faddress, or fmessage parameters handled by /Frontend/Feedback.php. The CVSS 4.0 score of 2.1 (Low) reflects the UI:P requirement - a victim must interact with the crafted content for the payload to execute, limiting autonomous exploitation. A public proof-of-concept is available via GitHub, though no confirmed active exploitation (CISA KEV) has been recorded.

XSS PHP Online Music Site
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy