{"cve_id":"CVE-2026-2224","summary":"A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/manage/users/btn_functions.php. The manipulation of the argument firstname results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used.","cvss":3.5,"cvss_version":3.0,"cvss_v2":4.0,"cvss_v3":3.5,"epss":0.00029,"ranking_epss":0.0823,"kev":false,"propose_action":null,"ransomware_campaign":null,"references":["https://code-projects.org/","https://github.com/tiancesec/CVE/issues/23","https://vuldb.com/?ctiid.344941","https://vuldb.com/?id.344941","https://vuldb.com/?submit.750028"],"published_time":"2026-02-09T09:16:34","cpes":["cpe:2.3:a:fabian:online_reviewer_system:1.0"]}