Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.1
Society Management System Portal V1.0 allows malicious scripts to be injected via user input
CVE-2026-26464
Summary
A security flaw in the Society Management System Portal V1.0 allows attackers to inject malicious code into the system. This code can be executed in users' web browsers when they view certain pages, potentially leading to unauthorized actions or data theft. To protect your system, update to the latest version of the software or apply a patch if one is available.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| kashipara | society_management_system_portal | 1.0 | – |
Original title
Stored Cross-Site Scripting (XSS) was found in the /admin/edit_user.php page of Society Management System Portal V1.0, which allows remote attackers to inject and store arbitrary JavaScript code th...
Original description
Stored Cross-Site Scripting (XSS) was found in the /admin/edit_user.php page of Society Management System Portal V1.0, which allows remote attackers to inject and store arbitrary JavaScript code that is executed in users' browsers. This vulnerability can be exploited via the name parameter in a POST HTTP request, leading to execution of malicious scripts when the affected content is viewed by other users, including administrators.
nvd CVSS3.1
6.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
- https://github.com/0xBhushan/Writeups/blob/main/CVE/Kashipara/Society%20Manageme... Exploit Third Party Advisory
Published: 23 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026