CVE-2026-2939 - Vulnerability Details

- itsourcecode Student Management System Add Student add_student cross site scripting

Description

A vulnerability was found in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /add_student/ of the component Add Student Module. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used.

Published: 2026-02-22

Score: 4.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw was discovered in the Student Management System 1.0, where an unknown function in the "/add_student/" module accepts unsanitized input that is reflected into web pages. This vulnerability allows an attacker to inject malicious scripts that execute in the browsers of users who view the affected pages. Because the attack is performed remotely through the web interface, any user who visits a crafted page could suffer from cookie theft, session hijacking, or defacement of the user interface. The public availability of the exploit increases the potential for real‑world attacks.

Affected Systems

The flaw affects itsourcecode Student Management System version 1.0. No other affected versions are listed.

Risk and Exploitability

The CVSS score for this issue is 4.8, indicating moderate severity. The EPSS score is less than 1 %, suggesting a low probability of exploitation at the time of assessment, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is a remote web request to the Add Student form, where unsanitized values are reflected back to the client without proper escaping or filtering. An attacker with internet access can construct a malicious payload that is delivered to end‑users via the application, enabling client‑side code execution.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

itsourcecode

Student Management System

affected

Version	Status	Constraints
`1.0`	affected	—

Configuration 1 [-]

cpe:2.3:a:itsourcecode:student_management_system:1.0:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Itsourcecode

Student Management System

100%

Version	Status	Scheme	Platform
`1.0`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply any vendor‑issued patch or upgrade the Student Management System to a version that fixes the XSS issue in the Add Student module
When a patch is not yet available, implement server‑side input validation to reject or sanitize script tags and other special characters before they are rendered
Configure a web application firewall or use output‑encoding libraries to encode HTML entities in the rendered page to protect against reflected XSS

Generated by OpenCVE AI on April 17, 2026 at 16:32 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00055.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://drive.google.com/file/d/1a-qY55pgynQviBw9UxPoIDs-UNgz6zOH/view
https://github.com/AS-AbdulSamad/CVE-1/tree/main
https://itsourcecode.com/
https://vuldb.com/?ctiid.347311
https://vuldb.com/?id.347311
https://vuldb.com/?submit.755977

History

Wed, 25 Feb 2026 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 23 Feb 2026 20:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:itsourcecode:student_management_system:1.0:::::::*

Mon, 23 Feb 2026 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Itsourcecode Itsourcecode student Management System
Vendors & Products		Itsourcecode Itsourcecode student Management System

Sun, 22 Feb 2026 10:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was found in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /add_student/ of the component Add Student Module. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Title		itsourcecode Student Management System Add Student add_student cross site scripting
Weaknesses		CWE-79 CWE-94
References		https://drive.google.com/file/d/1a-qY55pgynQviBw9UxPoIDs-UNgz6zOH/view https://github.com/AS-AbdulSamad/CVE-1/tree/main https://itsourcecode.com/ https://vuldb.com/?ctiid.347311 https://vuldb.com/?id.347311 https://vuldb.com/?submit.755977
Metrics		cvssV2_0 `{'score': 3.3, 'vector': 'AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 2.4, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 2.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Itsourcecode Student Management System

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-02-22T09:32:09.695Z

Updated: 2026-02-25T18:26:22.340Z

Reserved: 2026-02-21T15:14:14.765Z

Link: CVE-2026-2939

Vulnrichment

Updated: 2026-02-25T18:26:16.804Z

NVD

Status : Analyzed

Published: 2026-02-22T10:15:56.520

Modified: 2026-02-23T20:18:41.597

Link: CVE-2026-2939

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T16:45:15Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object