CVE-2026-38931 PUBLISHED

Assigner: mitre
Reserved: 06.04.2026 Published: 27.05.2026 Updated: 27.05.2026

A stored cross-site scripting (XSS) vulnerability in the /admin/config-module.php component of creatorsofcode simplephp GitHub commit 5184cff (Latest as of 2026-02-27) via injecting a crafted payload.

Product Status

Vendor	n/a
Product	n/a
Versions	Version n/a is affected

References

http://creatorsofcode.com
http://simplephp.com
https://moworn.github.io/post/cve-2026-38931/

Problem Types

n/a text