CVE-2026-5644: Cyber-III XSS Vulnerability (≤1a938fa61e9f7350)
Platform
php
Component
student-management-system
CVE-2026-5644 is a Cross-Site Scripting (XSS) vulnerability in the Cyber-III Student-Management-System. Successful exploitation allows an attacker to inject malicious scripts into web pages viewed by other users, potentially leading to session hijacking or defacement. The vulnerability affects versions of the system up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Because the product follows a rolling release model, specific patched versions are not yet available.
How to fix
No official patch available. Check for workarounds or monitor for updates.
Frequently asked questions
What is CVE-2026-5644?
CVE-2026-5644 is a Cross-Site Scripting (XSS) vulnerability in the Cyber-III Student-Management-System. It allows attackers to inject malicious scripts through manipulation of the $_SERVER['PHP_SELF'] variable within the /admin/Add%20notice/batch-notice.php file.
Am I affected by CVE-2026-5644?
If you are using Cyber-III Student-Management-System version 1a938fa61e9f735078e9b291d2e6215b4942af3f or earlier, you are potentially affected by this vulnerability. Due to the rolling release nature of the product, determining exact affected/updated versions is difficult.
How can I fix or mitigate CVE-2026-5644?
Currently, no official patch is available for CVE-2026-5644. Mitigation strategies may include input validation and output encoding to prevent script injection. Monitor the project's announcements for updates.
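The output-encoding mitigation mentioned above, as an added PHP example (not code from the Cyber-III project). The page does not show how batch-notice.php uses `$_SERVER['PHP_SELF']`, so the form-action usage, the helper names `unsafe_form` and `safe_form`, and the sample script path are assumptions:

```php
<?php
declare(strict_types=1);

// Added illustration, not code from the Cyber-III repository.
// Assumption: the script echoes $_SERVER['PHP_SELF'] into a form action,
// the usual way this variable reaches HTML output. Requires PHP 8+.

// Unencoded pattern: PHP_SELF includes any path info the client appended
// after the script name, so request-controlled text lands in the attribute.
function unsafe_form(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Hardened pattern: use SCRIPT_NAME (no client-appended path info) and
// HTML-encode it for an attribute context anyway.
function safe_form(array $server): string
{
    $action = htmlspecialchars(
        (string) ($server['SCRIPT_NAME'] ?? ''),
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return '<form method="post" action="' . $action . '">';
}

// Constructed request data: hypothetical script path, harmless markup probe.
$server = [
    'SCRIPT_NAME' => '/admin/example/notice.php',
    'PHP_SELF'    => '/admin/example/notice.php/"><b>probe</b>',
];

$unsafe = unsafe_form($server);
$safe   = safe_form($server);

// The unsafe form lets the probe close the attribute and add an element.
assert(str_contains($unsafe, '<b>probe</b>'));
// The safe form carries only the script path: one tag, no injected markup.
assert(!str_contains($safe, 'probe'));
assert(substr_count($safe, '<') === 1);

echo "unsafe: $unsafe\n";
echo "safe:   $safe\n";
```

If a page must keep using `PHP_SELF`, passing it through the same `htmlspecialchars` call with `ENT_QUOTES` keeps the appended text inside the attribute value.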