Description
A vulnerability was identified in hemant6488 CodeIgniter-StudentManagementSystem. The affected element is the function addStudent in the file view_students.php of the Students Controller component. Manipulating the argument Name leads to cross-site scripting. The attack can be carried out remotely. The exploit is publicly available and might be used. The product follows a rolling release strategy for continuous delivery, so version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.
Published: 2026-05-26
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw lets an attacker inject malicious script through the Name argument of the addStudent function in view_students.php (Students Controller), leading to cross-site scripting. This weakness, classified as CWE-79 and associated with code injection (CWE-94), can run arbitrary client-side code in the victim's browser, compromising confidentiality, integrity, and availability of user sessions and potentially defacing the application.

Affected Systems

The vulnerable component is hemant6488 CodeIgniter‑StudentManagementSystem, specifically the Students Controller view_students.php. The project follows a rolling release model, so no precise affected version can be listed. All releases that have not applied an update may remain vulnerable.

Risk and Exploitability

The CVSS base score of 5.3 indicates a moderate-severity vulnerability. An attacker can exploit it remotely, and the public exploitation evidence suggests that exploit scripts are already available. Because the EPSS score is not provided and the vulnerability is not listed in the CISA KEV catalog, the exact exploitation probability remains unknown, but the existence of a publicly available exploit increases the risk to all exposed instances.

Generated by OpenCVE AI on May 26, 2026 at 02:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest version of the CodeIgniter‑StudentManagementSystem or apply a vendor patch if and when it becomes available.
  • Sanitize the Name input by escaping or removing HTML special characters before processing or displaying it.
  • Configure the web application to send strict Content Security Policy headers to neutralize potential injected scripts.


Advisories

No advisories yet.

History

Tue, 26 May 2026 01:30:00 +0000

Type Values Removed Values Added
Description: same text as the Description at the top of this record
Title: hemant6488 CodeIgniter-StudentManagementSystem Students Controller view_students.php addStudent cross site scripting
First Time appeared: Hemant6488; Hemant6488 codeigniter-studentmanagementsystem
Weaknesses: CWE-79, CWE-94
CPEs: cpe:2.3:a:hemant6488:codeigniter-studentmanagementsystem:*:*:*:*:*:*:*:*
Vendors & Products: Hemant6488; Hemant6488 codeigniter-studentmanagementsystem
References:
Metrics:
  cvssV2_0: {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}
  cvssV3_0: {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
  cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
  cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-26T00:30:10.258Z

Reserved: 2026-05-25T19:08:08.827Z

Link: CVE-2026-9518

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-26T02:16:40.500

Modified: 2026-05-26T02:16:40.500

Link: CVE-2026-9518

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T03:00:14Z
