Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
Simple IT Discussion Forum v1.0: Cross-Site Scripting Risk in Admin User Management
CVE-2026-6003
Summary
The Simple IT Discussion Forum version 1.0 has a security issue that can allow an attacker to inject malicious code into the admin user management page. This could potentially allow an attacker to take control of the forum or steal sensitive information. To protect your forum, update to a fixed version of the software or apply a patch.
Original title
A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /admin/user.php. Such manipulation of the argument...
Original description
A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /admin/user.php. Such manipulation of the argument fname leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
nvd CVSS2.0
3.3
nvd CVSS3.1
2.4
nvd CVSS4.0
4.8
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
CWE-94
Code Injection
Published: 10 Apr 2026 · Updated: 10 Apr 2026 · First seen: 10 Apr 2026