CVE-2026-7089

· NIST NVD ↗

A security vulnerability has been detected in code-projects Home Service System 1.0. The impacted element is an unknown function of the file /booking.php of the component Appointment Booking. The manipulation of the argument fname/lname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

MEDIUM
CVSS severity
4.3
CVSS base score
2026-04-27
Published

CWE codes

CWE-79CWE-94

Sources