CVE-2026-7222

LOW

code-projects Coaching Management System Complaint Form complaint.php cross site scripting

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-7222. PoCs published by Xmyronn.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of a stored XSS vulnerability (CVE-2026-7222) in the Coaching Management System, including root cause, exploitation steps, and impact assessment. It includes screenshots and payload examples but does not contain functional exploit code.

Description

A vulnerability was found in code-projects Coaching Management System 1.0. It affects an unknown functionality of the file /cims/modules/student/complaint.php of the component Complaint Form Page. Manipulation of the argument Complaint leads to cross-site scripting. The attack can be initiated remotely. The exploit has been publicly disclosed and may be used.

Exploits (1)

nomisec WRITEUP
by Xmyronn · poc
https://github.com/Xmyronn/CVE-2026-7222-XSS


Classification: Writeup 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Coaching Management System in PHP (Code-Projects.org)
Auth required
Prerequisites: Access to a student or admin account · Ability to submit a complaint or reply
devstral-2 · analyzed Apr 28, 2026

References (5)

Core References
Vdb Entry, Technical Description
VDB-359822 | code-projects Coaching Management System Complaint Form complaint.php cross site scripting
https://vuldb.com/vuln/359822
Signature, Permissions Required
VDB-359822 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/359822/cti
Third Party Advisory
Submit #802264 | code-projects Coaching Management System in PHP Unknown Cross Site Scripting
https://vuldb.com/submit/802264
Product
https://code-projects.org/

Scores

CVSS v3: 3.5
EPSS: 0.0023
EPSS Percentile: 13.8%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79, CWE-94
Status: published
Products (1): code-projects/Coaching Management System 1.0
Published: Apr 28, 2026
Tracked Since: Apr 28, 2026