A vulnerability classified as problematic was found in code-projects Employee Management System 1.0 . This affects an unknown function of the file /applyleave.php . Executing a manipulation of the argument ID can lead to cross site scripting. This vulnerability appears as CVE-2026-9448 . The attack may be performed from remote. In addition, an exploit is available.