CVE-2026-1135 - Vulnerability Details

- itsourcecode Society Management System activity.php cross site scripting

Description

A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

Published: 2026-01-19

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability in the itsourcecode Society Management System allows a remote attacker to inject arbitrary client‑side script by manipulating the Title argument in the /admin/activity.php file. It is classified as CWE‑79.

Affected Systems

The affected product is the itsourcecode Society Management System, version 1.0. The flaw exists in a specific internal function within the admin/activity page. No further version details or vendor patches are listed in the provided data.

Risk and Exploitability

The CVSS base score of 5.3 places the issue in the medium severity range, and the EPSS score of < 1% indicates a very low current exploitation probability. The flaw is not listed in the CISA KEV catalog, but publicly disclosed exploit code exists. The description states that the attack can be launched remotely, but does not mention whether authentication is required.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

itsourcecode

Society Management System

affected

Version	Status	Constraints
`1.0`	affected	—

Configuration 1 [-]

cpe:2.3:a:angeljudesuarez:society_management_system:1.0:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Itsourcecode	Society Management System	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply any available vendor patch or upgrade to a patched version of itsourcecode Society Management System 1.0 as soon as one is released.
Sanitize and encode any data that is reflected back to the browser, especially the Title parameter, using safe output helpers such as htmlspecialchars or a dedicated library.
Restrict access to the /admin/activity.php page by enforcing strict authentication and role‑based access control, and consider disabling the feature until a fix is available.

Generated by OpenCVE AI on April 18, 2026 at 19:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00017.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/TEhS411/cve/issues/8
https://itsourcecode.com/
https://vuldb.com/?ctiid.341725
https://vuldb.com/?id.341725
https://vuldb.com/?submit.735157

History

Wed, 04 Feb 2026 20:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Angeljudesuarez Angeljudesuarez society Management System
CPEs		cpe:2.3:a:angeljudesuarez:society_management_system:1.0:::::::*
Vendors & Products		Angeljudesuarez Angeljudesuarez society Management System

Tue, 20 Jan 2026 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 19 Jan 2026 09:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Itsourcecode Itsourcecode society Management System
Vendors & Products		Itsourcecode Itsourcecode society Management System

Mon, 19 Jan 2026 03:30:00 +0000

Type	Values Removed	Values Added
Description		A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
Title		itsourcecode Society Management System activity.php cross site scripting
Weaknesses		CWE-79 CWE-94
References		https://github.com/TEhS411/cve/issues/8 https://itsourcecode.com/ https://vuldb.com/?ctiid.341725 https://vuldb.com/?id.341725 https://vuldb.com/?submit.735157
Metrics		cvssV2_0 `{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Angeljudesuarez Society Management System

Itsourcecode Society Management System

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-01-19T03:02:06.348Z

Updated: 2026-02-23T08:41:10.200Z

Reserved: 2026-01-18T07:16:02.786Z

Link: CVE-2026-1135

Vulnrichment

Updated: 2026-01-20T20:10:26.122Z

NVD

Status : Analyzed

Published: 2026-01-19T04:15:59.123

Modified: 2026-02-04T20:29:33.673

Link: CVE-2026-1135

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T19:15:10Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object