CVE-2026-7090

LOW 2.4

code-projects Chat System send_message.php cross site scripting

CVSS Score

2.4

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/send_message.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.

CWE	CWE-79 CWE-94
Vendor	code-projects
Product	chat system
Published	Apr 27, 2026

Stay Ahead of the Next One

Get instant alerts for code-projects chat system

Be the first to know when new low vulnerabilities affecting code-projects chat system are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

code-projects / Chat System

1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/359665 vuldb.com: https://vuldb.com/vuln/359665/cti vuldb.com: https://vuldb.com/submit/800383 gist.github.com: https://gist.github.com/higordiego/4683bee16b197643744159b76d0c1ea6 code-projects.org: https://code-projects.org/

Credits

🔍 c4ttr4ck (VulDB User)