How serious is CVE-2026-26464?

This vulnerability has a CVSS score of 6.1 out of 10, classified as MEDIUM severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2026-26464?

Yes, proof-of-concept exploit code for CVE-2026-26464 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2026-26464?

CVE-2026-26464 affects kashipara society management system portal. Check the full CVE details for specific version information.

How do I fix CVE-2026-26464?

To remediate CVE-2026-26464, check for security patches from kashipara. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2026-26464

Medium

|6.1

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows attackers to inject harmful JavaScript code into the Society Management System, which then runs in the browsers of users who view the affected content, including administrators. To exploit this, the attacker needs to send a specially crafted request with malicious code through the name parameter when editing a user.

Technical Description

Stored Cross-Site Scripting (XSS) was found in the /admin/edit_user.php page of Society Management System Portal V1.0, which allows remote attackers to inject and store arbitrary JavaScript code that is executed in users' browsers. This vulnerability can be exploited via the name parameter in a POST HTTP request, leading to execution of malicious scripts when the affected content is viewed by other users, including administrators.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionRequired

Confidentiality ImpactLow

Integrity ImpactLow

Availability ImpactNone

ScopeChanged

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$862($500-$1K)

Vendor Response

Grade APatched in 3 days

Quick Information

Published

Feb 23, 2026

about 1 month ago

Last Modified

Feb 26, 2026

about 1 month ago

Vendor

kashipara

Product

society management system portal