{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3946", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-11T09:17:24.423Z", "datePublished": "2026-03-11T15:02:08.129Z", "dateUpdated": "2026-03-11T15:49:51.282Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-11T15:02:08.129Z"}, "title": "PHPEMS index.php cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "Cross Site Scripting"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}], "affected": [{"vendor": "n/a", "product": "PHPEMS", "versions": [{"version": "11.0", "status": "affected"}], "cpes": ["cpe:2.3:a:phpems:phpems:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-11T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-11T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-11T10:22:30.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "shufenshui (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.350368", "name": "VDB-350368 | PHPEMS index.php cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.350368", "name": "VDB-350368 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.773039", "name": "Submit #773039 | PHPEMS V11.0 Stored Cross-Site Scripting", "tags": ["third-party-advisory"]}, {"url": "https://github.com/shufenshui/CVE/issues/1", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/25814874/default.docx", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-11T15:49:39.067453Z", "id": "CVE-2026-3946", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T15:49:51.282Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3946", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T15:49:39.067453Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T15:49:42.962Z"}}], "cna": {"title": "PHPEMS index.php cross site scripting", "credits": [{"lang": "en", "type": "reporter", "value": "shufenshui (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:phpems:phpems:*:*:*:*:*:*:*:*"], "vendor": "n/a", "product": "PHPEMS", "versions": [{"status": "affected", "version": "11.0"}]}], "timeline": [{"lang": "en", "time": "2026-03-11T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-11T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-11T10:22:30.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.350368", "name": "VDB-350368 | PHPEMS index.php cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.350368", "name": "VDB-350368 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.773039", "name": "Submit #773039 | PHPEMS V11.0 Stored Cross-Site Scripting", "tags": ["third-party-advisory"]}, {"url": "https://github.com/shufenshui/CVE/issues/1", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/25814874/default.docx", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Cross Site Scripting"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-11T15:02:08.129Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3946", "state": "PUBLISHED", "dateUpdated": "2026-03-11T15:49:51.282Z", "dateReserved": "2026-03-11T09:17:24.423Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-11T15:02:08.129Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used."}, {"lang": "es", "value": "Una vulnerabilidad fue detectada en PHPEMS 11.0. El elemento afectado es una funci\u00f3n desconocida del archivo /index.php?ask=app-ask. Realizar una manipulaci\u00f3n del argumento askcontent resulta en cross site scripting. El ataque es posible de llevar a cabo de forma remota. El exploit ahora es p\u00fablico y puede ser usado."}], "id": "CVE-2026-3946", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-11T15:16:33.787", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/shufenshui/CVE/issues/1"}, {"source": "cna@vuldb.com", "url": "https://github.com/user-attachments/files/25814874/default.docx"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.350368"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.350368"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.773039"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "11.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "PHPEMS", "source": "cna", "vendor": "n/a"}, "product": "phpems", "vendor": "phpems"}], "analysis": {"en": {"generated_at": "2026-04-16T03:01:35.703056+00:00", "value": {"mitigation_remediation": ["Update PHPEMS to a patched or newer version that removes the vulnerable code.", "If an upgrade is not yet available, enforce strict input validation on the 'askcontent' parameter by escaping or stripping script tags before rendering.", "Deploy a Content\u2011Security\u2011Policy header (or similar mitigations) on the web application to restrict script execution from untrusted sources."], "summary": {"action": "Patch", "impact": "Cross\u2011Site Scripting (client\u2011side code execution)"}, "threat_synthesis": {"affected_systems": "The affected system is the PHPEMS e\u2011learning platform version\u202f11.0. The flaw resides in the index.php script that processes the 'askcontent' input. Only installations running PHPEMS 11.0 or earlier are vulnerable; any newer release that removes or sanitises this input is presumed safe.", "description_and_impact": "A cross\u2011site scripting flaw exists in the PHPEMS 11.0 application, triggered by manipulating the 'askcontent' parameter in the /index.php?ask=app-ask endpoint. The vulnerability allows an attacker to inject and execute arbitrary script code within the context of a victim\u2019s browser, potentially leading to session hijacking, defacement, or credential theft. The weakness is a classic reflected XSS, classified under CWE\u201179, and is exposed through a remote attack vector.", "risk_and_exploitability": "The CVSS base score of 5.1 reflects moderate severity. The EPSS score of less than 1\u202f% indicates a low probability that the vulnerability has been widely exploited in the wild, and it is not listed in the CISA KEV catalog, so no known field\u2011invasive exploits have been reported. Nonetheless, the flaw is publicly documented and exploitable by anyone with network access to the web server, requiring no authentication or special privileges. An attacker can craft a URL containing malicious code in the askcontent value, cause the target user\u2019s browser to execute it, and then proceed with secondary attacks if privileged information is captured."}}}}, "created": "2026-03-12T10:05:46.519053+00:00", "updated": "2026-04-16T03:15:22.941875+00:00", "vendors": ["phpems", "phpems$PRODUCT$phpems"]}