Description
A vulnerability was found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admission_form_check.php. The manipulation of the argument Message results in cross site scripting. The attack can be executed remotely. The exploit has been made public and could be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-06-01
Score: 5.1 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the admission_form_check.php file of the Student Management System by PHP. A crafted Message parameter can be processed without proper sanitization, allowing an attacker to inject arbitrary JavaScript code that will run in the victim’s browser. This can lead to session hijacking, defacement, or phishing, thereby compromising the confidentiality, integrity, and availability of the application for any user who visits the affected page.

Affected Systems

The affected product is raisulislamg4’s Student Management System by PHP, distributed as a rolling release with no specific version data available. Any deployment that includes the admission_form_check.php file before the fix remains vulnerable, and the project has not yet released a corrective patch.

Risk and Exploitability

A public exploit is available, and the attack can be delivered remotely. With a CVSS score of 5.1 the threat is classified as medium severity, while the absence of an EPSS score leaves the likelihood of real-world exploitation uncertain. The vulnerability is not listed in the CISA KEV catalog, but the public exploit and the lack of a timely response from the project increase the urgency for mitigation. The likely attack vector is a remote web request to the vulnerable script, which does not require local access or privileged credentials.

Generated by OpenCVE AI on June 1, 2026 at 08:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest version of the project once an official fix is released.
  • Validate and encode all user input before it is processed or reflected by the application.
  • Configure a Content‑Security‑Policy header to restrict script execution to trusted sources.
  • Continuously monitor web application logs for suspicious request patterns and block malicious activity.
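
The log-monitoring action above, as an added example (not OpenCVE's or the project's own code): a Python filter that flags requests to admission_form_check.php whose Message value decodes to markup, including double-encoded values. It assumes combined-format access logs and that Message arrives in the query string; a value sent in a POST body does not appear in access logs and needs WAF or application-level logging instead. The log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Assumption: Apache/nginx combined log format; only the request line is parsed.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
TARGET_SCRIPT = "admission_form_check.php"  # file named in the CVE record
TARGET_PARAM = "message"                    # argument named in the CVE record
# Heuristic: angle brackets, inline event handlers, javascript: URLs.
MARKUP_RE = re.compile(r"[<>]|\bon\w+\s*=|javascript:", re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, hypothetical /sms/ path).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jun/2026:09:00:01 +0000] "GET /sms/admission_form_check.php?Message=Application+received HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jun/2026:09:00:05 +0000] "GET /sms/admission_form_check.php?Message=%3Cscript%3Eprobe%3C%2Fscript%3E HTTP/1.1" 200 530',
    '203.0.113.9 - - [01/Jun/2026:09:00:09 +0000] "GET /sms/admission_form_check.php?Message=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 530',
    '198.51.100.4 - - [01/Jun/2026:09:01:00 +0000] "GET /sms/index.php?q=%3Cb%3E HTTP/1.1" 200 204',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_message(log_line):
    """Return the decoded Message value if it carries markup, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    parts = urlsplit(match.group("target"))
    if not parts.path.lower().endswith("/" + TARGET_SCRIPT):
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == TARGET_PARAM:
            decoded = fully_decode(value)  # parse_qsl already decoded once
            if MARKUP_RE.search(decoded):
                return decoded
    return None


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hit = suspicious_message(line)
        if hit:
            print(f"ALERT {line.split()[0]} Message={hit!r}")
```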


Advisories

No advisories yet.

History

Mon, 01 Jun 2026 07:30:00 +0000

Type: Values Added (the Values Removed column is empty for every row)

  • Description: A vulnerability was found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The impacted element is an unknown function of the file admission_form_check.php. The manipulation of the argument Message results in cross site scripting. The attack can be executed remotely. The exploit has been made public and could be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The project was informed of the problem early through an issue report but has not responded yet.
  • Title: raisulislamg4 student_management_system_by_php admission_form_check.php cross site scripting
  • First Time appeared: Raisulislamg4; Raisulislamg4 student Management System By Php
  • Weaknesses: CWE-79, CWE-94
  • CPEs: cpe:2.3:a:raisulislamg4:student_management_system_by_php:*:*:*:*:*:*:*:*
  • Vendors & Products: Raisulislamg4; Raisulislamg4 student Management System By Php
  • References:
  • Metrics:
      cvssV2_0: {'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}
      cvssV3_0: {'score': 3.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
      cvssV3_1: {'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
      cvssV4_0: {'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T05:30:08.542Z

Reserved: 2026-05-31T07:58:54.579Z

Link: CVE-2026-10228

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-01T08:16:18.850

Modified: 2026-06-01T08:16:18.850

Link: CVE-2026-10228

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T10:30:25Z

Weaknesses