CVE-2026-13567 PUBLISHED

A security flaw has been discovered in code-projects Online Music Site 1.0. This affects an unknown part of the file /Frontend/Feedback.php of the component POST Request Handler. The manipulation of the argument fname/femail/faddress/fmessage results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

• qwcc (VulDB User) reporter

• VDB-374575 | code-projects Online Music Site POST Request Feedback.php cross site scripting
• VDB-374575 | CTI Indicators (IOB, IOC, TTP, IOA)
• CVE-2026-13567 | CVE Analysis and Report
• Submit #844228 | Code-projects ONLINE MUSIC SITE V1.0 Storage XSS vulnerability
• https://github.com/qwessec/CVE/issues/1
• https://code-projects.org/

• Cross Site Scripting CWE
• Code Injection CWE