CVE-2026-3412 - Vulnerability Details

- itsourcecode University Management System att_single_view.php cross site scripting

Description

A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unknown part of the file /att_single_view.php. The manipulation of the argument dt results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used.

Published: 2026-03-02

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw in itsourcecode University Management System 1.0 allows an attacker to inject arbitrary script when the application processes the dt argument in /att_single_view.php. This causes a reflected XSS vulnerability that can be triggered from a remote location. If successfully exploited, the attacker could execute arbitrary JavaScript in the victim’s browser, potentially leading to session hijacking, defacement, or delivery of additional malicious payloads.

Affected Systems

The vulnerability exists in itsourcecode:University Management System version 1.0. No other affected versions are listed.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate impact, while the EPSS score of less than 1% suggests rare exploitation. Because the issue is exploitable remotely via a web request, attackers may craft a malicious URL that includes a tampered dt parameter. The absence of the vulnerability from the CISA KEV catalog does not reduce the need for remediation, but the low exploitation probability means that immediate urgency may be lower compared to high‑profile bugs. Nonetheless, any exposed XSS presents a serious security risk, especially in web applications that handle authentication or sensitive data.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

itsourcecode

University Management System

affected

Version	Status	Constraints
`1.0`	affected	—

Configuration 1 [-]

cpe:2.3:a:angeljudesuarez:university_management_system:1.0:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Itsourcecode

University Management System

100%

Version	Status	Scheme	Platform
`1.0`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the vendor’s official patch once it becomes available.
If a patch is not yet released, sanitize and encode the dt parameter before it is echoed back to the browser to prevent script execution.
Implement a Content Security Policy header that blocks inline scripts and restricts script sources to trusted domains.

Generated by OpenCVE AI on April 16, 2026 at 14:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00056.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/dyh1213-wq/cve/issues/1
https://itsourcecode.com/
https://vuldb.com/?ctiid.348307
https://vuldb.com/?id.348307
https://vuldb.com/?submit.763770

History

Wed, 04 Mar 2026 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Itsourcecode Itsourcecode university Management System
Vendors & Products		Itsourcecode Itsourcecode university Management System

Tue, 03 Mar 2026 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Angeljudesuarez Angeljudesuarez university Management System
CPEs		cpe:2.3:a:angeljudesuarez:university_management_system:1.0:::::::*
Vendors & Products		Angeljudesuarez Angeljudesuarez university Management System

Mon, 02 Mar 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 02 Mar 2026 05:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unknown part of the file /att_single_view.php. The manipulation of the argument dt results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used.
Title		itsourcecode University Management System att_single_view.php cross site scripting
Weaknesses		CWE-79 CWE-94
References		https://github.com/dyh1213-wq/cve/issues/1 https://itsourcecode.com/ https://vuldb.com/?ctiid.348307 https://vuldb.com/?id.348307 https://vuldb.com/?submit.763770
Metrics		cvssV2_0 `{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Angeljudesuarez University Management System

Itsourcecode University Management System

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-02T05:32:08.366Z

Updated: 2026-03-02T14:11:26.433Z

Reserved: 2026-03-01T09:42:44.588Z

Link: CVE-2026-3412

Vulnrichment

Updated: 2026-03-02T14:11:15.599Z

NVD

Status : Analyzed

Published: 2026-03-02T06:15:59.723

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-3412

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T14:45:25Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object