CVE-2026-4909

LOW

code-projects Exam Form Submission update_s7.php cross site scripting

Title source: cna

Description

A weakness has been identified in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/update_s7.php. This manipulation of the argument sname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

References (5)

Scores

CVSS v3 2.4
EPSS 0.0001
EPSS Percentile 1.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-79 CWE-94
Status published
Products (2)
code-projects/Exam Form Submission 1.0
code-projects/Exam Form Submission 7.php
Published Mar 27, 2026
Tracked Since Mar 27, 2026