Description
A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the file save-games.php. The manipulation of the argument game_name results in cross site scripting. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
Published: 2026-03-12
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Scripting
Action: Immediate Patch
AI Analysis

Impact

The flaw in save‑games.php permits attackers to inject malicious scripts through the game_name argument. This leads to cross‑site scripting, which can be used to hijack user sessions, deface content, or execute further client‑side attacks. The CVE notes that the exploit has been publicly released and attackers can trigger it from remote hosts.

Affected Systems

The affected application is Campcodes Division Regional Athletic Meet Game Result Matrix System, version 2.1. The vulnerability resides in an unknown section of the file save‑games.php; a security patch is required to remove the attack surface.

Risk and Exploitability

The base exploit score of 5.1 reflects a moderate impact. The EPSS score of less than 1 % suggests low current exploitation likelihood, but the vulnerability is publicly known and may be leveraged arbitrarily. The attack vector is inferred to be network‑based, with the threat of remote exploitation.

Generated by OpenCVE AI on April 16, 2026 at 02:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the application to a patched release that removes the vulnerable code in save‑games.php
  • Sanitize the game_name input by validating or encoding the data before it is rendered in the browser
  • Deploy a Web Application Firewall rule that blocks script injection attempts targeting the game_name parameter

Generated by OpenCVE AI on April 16, 2026 at 02:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Campcodes
Campcodes division Regional Athletic Meet Game Result Matrix System
Vendors & Products Campcodes
Campcodes division Regional Athletic Meet Game Result Matrix System

Thu, 12 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 05:45:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the file save-games.php. The manipulation of the argument game_name results in cross site scripting. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
Title Campcodes Division Regional Athletic Meet Game Result Matrix System save-games.php cross site scripting
Weaknesses CWE-79
CWE-94
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Campcodes Division Regional Athletic Meet Game Result Matrix System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-12T14:37:50.928Z

Reserved: 2026-03-11T14:33:24.756Z

Link: CVE-2026-3983

cve-icon Vulnrichment

Updated: 2026-03-12T14:37:46.024Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-12T06:16:30.743

Modified: 2026-03-12T21:07:53.427

Link: CVE-2026-3983

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T03:00:09Z

Weaknesses