Description
A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation of the argument Category can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be used.
Published: 2026-04-09
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: Remote Cross‑Site Scripting
Action: Apply Patch
AI Analysis

Impact

A flaw in the edit-category.php page of the Simple IT Discussion Forum allows an attacker to inject arbitrary script by manipulating the Category parameter. This cross‑site scripting (XSS) flaw enables the execution of malicious code in the browsers of users who view the affected page. As a result, attackers could deface pages, steal authentication cookies, or perform social‑engineering attacks against visitors.

Affected Systems

The vulnerability is present in code‑projects Simple IT Discussion Forum version 1.0. Any deployment running this exact release and exposing the edit‑category.php endpoint is susceptible. The issue is not reported for later releases, and no evidence exists regarding other versions, so teams should confirm the version installed.

Risk and Exploitability

The CVSS v4.0 score of 5.3 indicates moderate severity with potential impact on confidentiality, integrity, or availability of client‑side data. The exploit has already been published and the flaw is remotely exploitable; however, an EPSS score is not provided and the flaw is not listed in the CISA KEV catalog. Attackers can trigger the flaw by accessing edit‑category.php with a crafted Category GET or POST parameter, which suggests the attack vector is a remote request from an unauthenticated or authenticated user. Accordingly, the risk remains significant until mitigated.

Generated by OpenCVE AI on April 9, 2026 at 02:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch or upgrade to a fixed version of Simple IT Discussion Forum
  • If a patch is not yet available, ensure the Category input is properly validated and encoded to eliminate any executable code
  • Restrict access to edit‑category.php so that only trusted administrators can change categories
  • Monitor web traffic for abnormal requests to edit‑category.php and log any suspicious inputs

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 08:30:00 +0000

Type | Values Removed | Values Added
First Time appeared |  | Code-projects; Code-projects simple It Discussion Forum
Vendors & Products |  | Code-projects; Code-projects simple It Discussion Forum

Thu, 09 Apr 2026 01:00:00 +0000

Type | Values Removed | Values Added
Description |  | A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation of the argument Category can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be used.
Title |  | code-projects Simple IT Discussion Forum edit-category.php cross site scripting
Weaknesses |  | CWE-79, CWE-94
References |  |
Metrics |  | cvssV2_0: {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}
        |  | cvssV3_0: {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
        |  | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
        |  | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-09T00:30:13.771Z

Reserved: 2026-04-08T16:55:00.668Z

Link: CVE-2026-5826

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-09T01:16:50.187

Modified: 2026-04-09T01:16:50.187

Link: CVE-2026-5826

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-09T08:25:23Z

Weaknesses