CVE-2026-4578

LOW

code-projects Exam Form Submission update_s3.php cross site scripting

Title source: cna

Description

A vulnerability was determined in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update_s3.php. Executing a manipulation of the argument sname can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

References (5)

Scores

CVSS v3 2.4
EPSS 0.0003
EPSS Percentile 9.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-79 CWE-94
Status published
Products (1)
code-projects/Exam Form Submission 1.0
Published Mar 23, 2026
Tracked Since Mar 23, 2026