CVE-2026-5806 PUBLISHED

A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

• AhmadMarzook (VulDB User) reporter

• VDB-356244 | code-projects Easy Blog Site update.php cross site scripting
• VDB-356244 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #787045 | code-projects Easy Blog Site In PHP 1.0 Cross Site Scripting
• https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Stored%20Cross-Site%20Scripting%20(XSS)%20in%20Easy%20Blog%20Site%20PHP%20postTitle%20Parameter.md
• https://code-projects.org/

• Cross Site Scripting CWE
• Code Injection CWE