CVE-2026-38931

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published May 27, 2026

Vendor unknown

Description

A stored cross-site scripting (XSS) vulnerability in the /admin/config-module.php component of creatorsofcode simplephp GitHub commit 5184cff (Latest as of 2026-02-27) via injecting a crafted payload.

References

http://creatorsofcode.com
http://simplephp.com
https://moworn.github.io/post/cve-2026-38931/