Description
A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=register of the component Registration. The manipulation of the argument student_id/full_name/section/username results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used.
Published: 2026-04-29
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Registration component of SourceCodester’s CET Automated Grading System with AI Predictive Analytics allows an attacker to inject malicious JavaScript through the student_id, full_name, section, or username parameters of the /index.php?action=register endpoint. This injection can lead to stored or reflected XSS attacks that compromise the confidentiality and integrity of user data in the victim’s browser. The underlying weakness corresponds to CWE‑79 and, based on the description, also relates to code injection (CWE‑94).

Affected Systems

The vulnerability exists in SourceCodester’s CET Automated Grading System with AI Predictive Analytics version 1.0. No other versions are documented in the vendor statement.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. No EPSS score is available, so there is no estimate of exploitation likelihood, though the exploit is publicly available. The attack can be launched remotely through the public Registration page without authentication, and the vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on April 29, 2026 at 21:07 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Review and sanitize all input fields (student_id, full_name, section, username) before processing to ensure no script tags are stored.
  • Apply strict output encoding when rendering user‑generated content to the browser to neutralise any embedded scripts.
  • Deploy or update your Web Application Firewall to block known XSS payload patterns and monitor for suspicious activity.


Advisories

No advisories yet.

History

Wed, 29 Apr 2026 20:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 29 Apr 2026 19:30:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=register of the component Registration. The manipulation of the argument student_id/full_name/section/username results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used.
Title | | SourceCodester CET Automated Grading System with AI Predictive Analytics Registration index.php register cross site scripting
Weaknesses | | CWE-79, CWE-94
References | |
Metrics | | cvssV2_0: {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-29T19:31:52.183Z

Reserved: 2026-04-29T11:41:09.955Z

Link: CVE-2026-7401

Vulnrichment

Updated: 2026-04-29T19:31:48.878Z

NVD

Status: Deferred

Published: 2026-04-29T20:16:31.583

Modified: 2026-04-29T21:16:21.590

Link: CVE-2026-7401

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T21:15:16Z
