CVE-2026-3984 - Vulnerability Details

- Campcodes Division Regional Athletic Meet Game Result Matrix System save_up_athlete.php cross site scripting

Description

A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of the file save_up_athlete.php. This manipulation of the argument a_name causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

Published: 2026-03-12

Score: 5.1 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

This vulnerability arises from improper handling of the a_name argument in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1, allowing arbitrary JavaScript injection through the save_up_athlete.php script. The flaw can be triggered by an attacker sending a crafted request to the application, causing the browser to execute malicious code in the context of legitimate users. The primary impact is the ability of an attacker to deface pages, steal session cookies, or perform other client‑side malicious actions, compromising confidentiality and integrity of user data.

Affected Systems

Campcodes Division Regional Athletic Meet Game Result Matrix System version 2.1 is affected. The issue is located in the save_up_athlete.php component, with no other versions or vendors identified. The specific code path that processes the a_name field is vulnerable.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate severity, while the EPSS score of <1% suggests a low probability of widespread exploitation. The vulnerability is not listed in CISA’s KEV catalog. Remote execution is possible; the publicly available exploit demonstrates that an attacker can deliver the malicious payload without additional prerequisites beyond access to the vulnerable endpoint.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Campcodes

Division Regional Athletic Meet Game Result Matrix System

affected

Version	Status	Constraints
`2.1`	affected	—

No data.

Vendor Product Confidence Versions

Campcodes

Division Regional Athletic Meet Game Result Matrix System

100%

Version	Status	Scheme	Platform
`2.1`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update Campcodes Division Regional Athletic Meet Game Result Matrix System to a version that contains the fix for the save_up_athlete.php XSS issue, or apply the vendor’s official patch if available.
Sanitize or encode all user‑supplied input, particularly the a_name parameter, before rendering it in any HTML context to prevent injected scripts from executing.
Implement a comprehensive content security policy (CSP) and request filtering to mitigate the effects of any residual XSS vectors and to alert on unexpected script execution.

Generated by OpenCVE AI on April 16, 2026 at 02:48 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00036.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/LaneyYu/cve/issues/11
https://vuldb.com/?ctiid.350420
https://vuldb.com/?id.350420
https://vuldb.com/?submit.769721
https://www.campcodes.com/

History

Fri, 13 Mar 2026 10:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Campcodes Campcodes division Regional Athletic Meet Game Result Matrix System
Vendors & Products		Campcodes Campcodes division Regional Athletic Meet Game Result Matrix System

Thu, 12 Mar 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 12 Mar 2026 05:45:00 +0000

Type	Values Removed	Values Added
Description		A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of the file save_up_athlete.php. This manipulation of the argument a_name causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
Title		Campcodes Division Regional Athletic Meet Game Result Matrix System save_up_athlete.php cross site scripting
Weaknesses		CWE-79 CWE-94
References		https://github.com/LaneyYu/cve/issues/11 https://vuldb.com/?ctiid.350420 https://vuldb.com/?id.350420 https://vuldb.com/?submit.769721 https://www.campcodes.com/
Metrics		cvssV2_0 `{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 3.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Campcodes Division Regional Athletic Meet Game Result Matrix System

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-12T05:02:10.457Z

Updated: 2026-03-12T14:34:05.571Z

Reserved: 2026-03-11T14:33:28.948Z

Link: CVE-2026-3984

Vulnrichment

Updated: 2026-03-12T14:32:46.273Z

NVD

Status : Awaiting Analysis

Published: 2026-03-12T06:16:31.007

Modified: 2026-03-12T21:07:53.427

Link: CVE-2026-3984

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T03:00:09Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object