Description
A vulnerability was determined in itsourcecode Electronic Judging System 1.0. This issue affects some unknown processing of the file /admin/judges.php. This manipulation of the argument fname causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
Published: 2026-05-26
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A cross‑site scripting flaw exists in the Electronic Judging System version 1.0, triggered by the fname parameter in the /admin/judges.php file. The flaw allows remote attackers to inject arbitrary client‑side scripts into responses. The browser then executes the injected code in the context of an authenticated user, potentially leading to credential theft, session hijacking, or defacement. The CVSS score of 5.3 indicates moderate severity, and the vulnerability is publicly disclosed with evidence of exploitation. The primary weakness aligns with CWE‑79 and CWE‑94.

Affected Systems

The affected product is itsourcecode Electronic Judging System, specifically version 1.0. No other versions or components are listed as impacted in the CNA data.

Risk and Exploitability

With a moderate CVSS score and no EPSS data, the exploitation probability is unclear, but the vulnerability is already publicly disclosed and used. Attackers can reach the vulnerable endpoint remotely through a URL containing the fname parameter. Since the flaw resides in administrative code, it requires successful authentication or sufficient privileges to access /admin/judges.php. The CVE is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on May 26, 2026 at 06:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the vendor‑supplied patch for Electronic Judging System 1.0 once it becomes available.
  • Restrict access to the /admin/judges.php endpoint to only authorized users and enforce strong authentication before any request is processed.
  • Sanitize and validate all user‑provided input for the fname parameter on both client and server sides to prevent script injection.



Advisories

No advisories yet.

History

Tue, 26 May 2026 05:00:00 +0000

Values Added (Values Removed: none listed)

Description: A vulnerability was determined in itsourcecode Electronic Judging System 1.0. This issue affects some unknown processing of the file /admin/judges.php. This manipulation of the argument fname causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
Title: itsourcecode Electronic Judging System judges.php cross site scripting
First Time appeared: Itsourcecode; Itsourcecode electronic Judging System
Weaknesses: CWE-79, CWE-94
CPEs: cpe:2.3:a:itsourcecode:electronic_judging_system:*:*:*:*:*:*:*:*
Vendors & Products: Itsourcecode; Itsourcecode electronic Judging System
References:
Metrics:
cvssV2_0: {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}
cvssV3_0: {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-26T03:45:11.199Z

Reserved: 2026-05-25T19:31:37.324Z

Link: CVE-2026-9527

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-26T05:16:18.687

Modified: 2026-05-26T05:16:18.687

Link: CVE-2026-9527

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T06:30:36Z

Weaknesses