CVE-2026-7401

MEDIUM

SourceCodester CET Automated Grading System with AI Predictive Analytics Registration index.php register cross site scripting

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-7401. PoCs published by Xmyronn.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2026-7401, a stored XSS vulnerability in the CET Automated Grading System 1.0. It includes a step-by-step proof of concept, payload examples, and impact assessment, demonstrating a clear understanding of the vulnerability mechanics.

Description

A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=register of the component Registration. The manipulation of the argument student_id/full_name/section/username results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used.

Exploits (1)

github WRITEUP

by Xmyronn · poc

https://github.com/Xmyronn/CVE-2026-7401-XSS

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2026-7401, a stored XSS vulnerability in the CET Automated Grading System 1.0. It includes a step-by-step proof of concept, payload examples, and impact assessment, demonstrating a clear understanding of the vulnerability mechanics.

Classification

Writeup 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: CET Automated Grading System with AI Predictive Analytics in PHP and MySQL 1.0

No auth needed

Prerequisites: Access to the student registration page · Admin interaction with the dashboard

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed Apr 30, 2026 Full analysis →

References (5)

Core 5

Core References

Vdb Entry, Technical Description vdb-entry technical-description

VDB-360133 | SourceCodester CET Automated Grading System with AI Predictive Analytics Registration index.php register cross site scripting

https://vuldb.com/vuln/360133

Signature, Permissions Required signature permissions-required

VDB-360133 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/360133/cti

Third Party Advisory third-party-advisory

Submit #803525 | SourceCodester CET Automated Grading System with AI Predictive Analytics in PHP and MySQL 1.0 Cross Site Scripting

https://vuldb.com/submit/803525

Exploit exploit

https://github.com/Xmyronn/Stored-XSS-in-CET-Automated-Grading-System-Student-Registration-Unauthenticated-Admin-Dashboard-.git

Product product

https://www.sourcecodester.com/

Scores

CVSS v3 4.3

EPSS 0.0032

EPSS Percentile 23.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79 CWE-94

Status published

Products (1)

SourceCodester/CET Automated Grading System with AI Predictive Analytics 1.0

Published Apr 29, 2026

Tracked Since Apr 30, 2026