CVE-2026-9415

4.3 MEDIUM

A weakness has been identified in code-projects Employee Management System 1.0

Published: 2026-05-25 · Last updated: 2026-05-26

Severity and scoring

CVSS: 4.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE: CWE-79, CWE-94

Description

A weakness has been identified in code-projects Employee Management System 1.0. This affects an unknown function of the file /eloginwel.php. This manipulation of the argument ID causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-9415
[Other]https://code-projects.org/
[Other]https://github.com/zzzxc643/CVE1/blob/main/EMPLOYEE_MANAGEMENT_SYSTEM/vul12.md
[Other]https://vuldb.com/submit/813697
[Other]https://vuldb.com/vuln/365396
[Other]https://vuldb.com/vuln/365396/cti

Related CVEs

Same CWE

CVE-2026-12425 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access ...
CVE-2026-24155 — NVIDIA NeMo Framework for all platforms contains a code injection vulnerability (7.8 HIGH)
CVE-2024-30476 — PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager (5.4 MEDIUM)
CVE-2026-54198 — Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions (7.1 HIGH)
CVE-2026-54191 — Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions (7.1 HIGH)