CVE-2026-11337

MEDIUM

tittuvarghese CollegeManagementSystem fetch.php cross site scripting

Title source: cna
STIX 2.1

Description

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboard_page/forms/fetch.php. The manipulation of the argument department_name results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.

References (6)

Core 6
Core References
Vdb Entry, Technical Description vdb-entry technical-description
VDB-368875 | tittuvarghese CollegeManagementSystem fetch.php cross site scripting
https://vuldb.com/vuln/368875
Signature, Permissions Required signature permissions-required
VDB-368875 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/368875/cti
Third Party Advisory third-party-advisory
CVE-2026-11337 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-11337
Third Party Advisory third-party-advisory
Submit #832583 | tittuvarghese CollegeManagementSystem 1.0 Reflected Cross‑Site Scripting
https://vuldb.com/submit/832583

Scores

CVSS v3 4.3
EPSS 0.0027
EPSS Percentile 18.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79 CWE-94
Status published
Products (2)
tittuvarghese/CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3
tittuvarghese/CollegeManagementSystem a38852979f7e27ae67b610dce5979500ef8ebe01
Published Jun 05, 2026
Tracked Since Jun 05, 2026