Platform: php
Fixed in: 1.0.1
A cross-site scripting (XSS) vulnerability has been identified in code-projects Online Reviewer System version 1.0. The flaw allows attackers to inject scripts into the application, potentially compromising user accounts and data. The vulnerability resides in the /system/system/admins/manage/users/btn_functions.php file and is triggered by manipulation of the 'firstname' argument. A fix is pending, so mitigation is essential in the meantime.
Successful exploitation of CVE-2026-2224 lets an attacker execute arbitrary JavaScript within the context of a user's browser session on the Online Reviewer System. This can lead to session hijacking, phishing and defacement of the application. An attacker could steal sensitive user data, such as login credentials or personal information, and potentially gain unauthorized access to administrative functions. The public availability of the exploit significantly increases the risk of widespread exploitation.
An exploit for CVE-2026-2224 is publicly available, indicating a high probability of exploitation. The vulnerability was added to the NVD on 2026-02-09. Given the ease of exploitation and the public exploit, organizations using Online Reviewer System 1.0 should prioritize implementing mitigations immediately.
Organizations utilizing the Online Reviewer System 1.0, particularly those with publicly accessible admin interfaces, are at significant risk. Shared hosting environments where multiple users share the same server resources are especially vulnerable, as a compromise of one user could potentially impact others.
• php / web (locate the unescaped parameter in the application source):
grep -r 'firstname = $_POST' /var/www/html/
• generic web (check whether the endpoint reflects the parameter; payload is the one referenced in the advisory):
curl -I '<target_url>/system/system/admins/manage/users/btn_functions.php?firstname=<script>alert(1)</script>'
• generic web (look for requests to the vulnerable endpoint in the web server access log; the original command searched the log for PHP source text, which it never contains):
grep 'btn_functions.php' /var/log/apache2/access.log
Disclosure
Exploit status
EPSS: 0.03% (8th percentile)
CISA SSVC
CVSS vector
While a patch is not yet available, several mitigation steps can reduce the risk of exploitation. Input sanitization is paramount: rigorously validate and sanitize all user-supplied data, particularly the 'firstname' parameter in /system/system/admins/manage/users/btn_functions.php, and escape it for the HTML context on output. A Web Application Firewall (WAF) with XSS protection rules can block many malicious requests. A Content Security Policy (CSP) restricts the sources from which scripts can be executed and limits the impact of any escape that is missed. Regularly review and update the application's codebase to identify and address potential vulnerabilities.
Update the Online Reviewer System to a version after 1.0, if one is available, that fixes the cross-site scripting (XSS) vulnerability in the file btn_functions.php. Alternatively, sanitize user input, in particular the 'firstname' argument, to prevent the injection of malicious code.
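As an added example (not the Online Reviewer System's own code), the following PHP shows the hypothetical unescaped handling of 'firstname' beside a hardened handler that combines the mitigations above: allowlist validation on input, HTML escaping on output, and a CSP header. The function names, and the assumption that btn_functions.php echoes $_POST['firstname'] directly into the page, are assumptions, not taken from the project.

```php
<?php
// Added example, not code from the Online Reviewer System. It assumes the
// vulnerable pattern is an unescaped echo of $_POST['firstname']; all
// function names here are hypothetical.
declare(strict_types=1);

// Hypothetical "before": the submitted value is written into the HTML
// response as-is, so any markup it contains is interpreted by the browser.
function renderFirstnameUnsafe(array $post): string
{
    $firstname = $post['firstname'] ?? '';
    return "<td>{$firstname}</td>";
}

// Mitigation 1: validate on input. A first name has no business containing
// angle brackets or quotes; accept letters, spaces, hyphens and apostrophes.
function validateFirstname(string $raw): ?string
{
    $value = trim($raw);
    if (!preg_match("/^\p{L}[\p{L} '-]{0,63}$/u", $value)) {
        return null;
    }
    return $value;
}

// Mitigation 2: escape on output for the HTML body context. ENT_QUOTES also
// neutralises single quotes, which matters if the value lands in attributes.
function renderFirstnameSafe(string $firstname): string
{
    return '<td>' . htmlspecialchars($firstname, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</td>';
}

// Mitigation 3: a CSP that disallows inline scripts, so an escape missed
// elsewhere in the application does not execute.
function sendCspHeader(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'");
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    sendCspHeader();
    $firstname = validateFirstname((string)($_POST['firstname'] ?? ''));
    if ($firstname === null) {
        http_response_code(400);
        echo 'Invalid first name.';
        exit;
    }
    echo renderFirstnameSafe($firstname);
}
```

Validation alone is not sufficient because the same value may later be rendered in other contexts; keep the output escaping even after the allowlist check.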
CVE-2026-2224 is a cross-site scripting (XSS) vulnerability in Online Reviewer System 1.0, allowing attackers to inject malicious scripts via the firstname parameter. It's rated as LOW severity.
If you are using Online Reviewer System version 1.0, you are potentially affected. Immediate mitigation steps are recommended until a patch is released.
A patch is not yet available. Mitigate by implementing input sanitization, WAF rules, and a Content Security Policy (CSP).
The exploit is publicly available, suggesting a high probability of active exploitation. Organizations should act quickly to mitigate the risk.
Refer to the NVD entry for CVE-2026-2224 for the latest information and any official advisories from code-projects.