Description
A flaw has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/update_s2.php. This manipulation of the argument sname causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used.
Published: 2026-03-23
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑site scripting that can be triggered remotely and may allow injection of malicious scripts into user browsers
Action: Apply Patch
AI Analysis

Impact

A flaw exists in code‑projects Exam Form Submission 1.0 that allows an attacker to manipulate the sname parameter in the /admin/update_s2.php file, resulting in cross‑site scripting. The vulnerability is exploitable remotely, and an exploit has already been published.

Affected Systems

The affected product is code‑projects Exam Form Submission version 1.0. No further sub‑versions or other versions are listed.

Risk and Exploitability

The CVSS score is 4.8, which indicates medium severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Because the flaw can be triggered remotely and a public exploit exists, the risk remains realistic, especially for sites that have not patched the affected module.

Generated by OpenCVE AI on March 23, 2026 at 06:21 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑issued patch or upgrade to a fixed version of Exam Form Submission
  • If a patch is not yet available, restrict direct access to /admin/update_s2.php to trusted administrators only and ensure proper authentication
  • Sanitize all user‑supplied input, specifically the sname parameter, to remove or encode potentially malicious scripts



Advisories

No advisories yet.

History

Mon, 23 Mar 2026 17:15:00 +0000

Values added (no values removed):

  Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 05:45:00 +0000

Values added (no values removed):

  Description: A flaw has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/update_s2.php. This manipulation of the argument sname causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used.
  Title: code-projects Exam Form Submission update_s2.php cross site scripting
  First Time appeared: Code-projects, Code-projects exam Form Submission
  Weaknesses: CWE-79, CWE-94
  CPEs: cpe:2.3:a:code-projects:exam_form_submission:*:*:*:*:*:*:*:*
  Vendors & Products: Code-projects, Code-projects exam Form Submission
  References:
  Metrics:
    cvssV2_0: {'score': 3.3, 'vector': 'AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}
    cvssV3_0: {'score': 2.4, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
    cvssV3_1: {'score': 2.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
    cvssV4_0: {'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-23T16:38:53.918Z

Reserved: 2026-03-22T08:51:07.978Z

Link: CVE-2026-4575

Vulnrichment

Updated: 2026-03-23T16:21:33.774Z

NVD

Status: Awaiting Analysis

Published: 2026-03-23T06:16:20.870

Modified: 2026-03-23T14:31:37.267

Link: CVE-2026-4575

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:49:40Z
