A vulnerability described as problematic has been identified in code-projects Project Management System 1.0 . This vulnerability affects unknown code of the file /mail.php of the component Mail Compose Page . Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2026-13504 . The attack may be performed from remote. In addition, an exploit is available.