CVE-2026-6003 PUBLISHED

A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /admin/user.php. Such manipulation of the argument fname leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.

• zulu (VulDB User) reporter

• VDB-356559 | code-projects Simple IT Discussion Forum user.php cross site scripting
• VDB-356559 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #794332 | code-projects Simple IT Discussion Forum V1.0 cross site scripting
• https://github.com/zulu225588/zulu-loudong/issues/2
• https://code-projects.org/

• Cross Site Scripting CWE
• Code Injection CWE