Vulnerabilities

CVE-2026-2214 - code-projects for Plugin AdminAddAlbum.php cross site scripting

2026-02-09 0 views admin

CVE ID : CVE-2026-2214 Published : Feb. 9, 2026, 5:16 a.m. | 50 minutes ago Description : A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Severity: 4.8 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-2214

Severity

MEDIUM

Published

Feb. 9, 2026

Affected Product: PHP

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-2214mediumphp

CVE-2026-2214 - code-projects for Plugin AdminAddAlbum.php cross site scripting

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-7799 - Reflected XSS in Zirve Information Technologies' e-Taxpayer Accounting Website

CVE-2026-25904 - Overly permissive Deno configuration in mcp-run-python leads to SSRF

CVE-2026-25916 - Roundcube Webmail SVG Image Injection Vulnerability

CVE-2026-25905 - Lack of isolation in mcp-run-python leads to MCP server takeover

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting