
PHPEMS 11.0: Cross-site scripting in askcontent input

CVE-2026-3946
Summary

A cross-site scripting flaw in PHPEMS 11.0 allows a remote attacker to inject malicious script into the site through the askcontent argument of /index.php?ask=app-ask, potentially stealing user data or taking control of the site. The attack is triggered when a user interacts with the manipulated site. Update PHPEMS to a fixed version to prevent this attack.

Original title
A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross si...
Original description
A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used.
NVD CVSS 2.0: 4.0
NVD CVSS 3.1: 3.5
NVD CVSS 4.0: 5.1
Vulnerability type
CWE-79 Cross-site Scripting (XSS)
CWE-94 Code Injection
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026