CVE-2026-4577

LOW

code-projects Exam Form Submission update_s4.php cross site scripting

Title source: cna

Description

A vulnerability was found in code-projects Exam Form Submission 1.0. The affected element is an unknown function of the file /admin/update_s4.php. Performing a manipulation of the argument sname results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could be used.

References (5)

Scores

CVSS v3 2.4
EPSS 0.0003
EPSS Percentile 9.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-79 CWE-94
Status published
Products (1)
code-projects/Exam Form Submission 1.0
Published Mar 23, 2026
Tracked Since Mar 23, 2026