CVE-2026-4991

LOW

QDOCS Smart School Management System Admission Enquiry enquiry cross site scripting

Title source: cna

Description

A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Performing a manipulation of the argument Note results in cross site scripting. The attack is possible to be carried out remotely.

References (3)

[Vdb Entry, Technical Description] https://vuldb.com/?id.353878

[Signature, Permissions Required] https://vuldb.com/?ctiid.353878

[Third Party Advisory] https://vuldb.com/?submit.776300

Scores

CVSS v3 3.5

EPSS 0.0003

EPSS Percentile 9.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79 CWE-94

Status published

Products (3)

QDOCS/Smart School Management System 7.0

QDOCS/Smart School Management System 7.1

QDOCS/Smart School Management System 7.2

Published Mar 27, 2026

Tracked Since Mar 29, 2026