Platform
php
Fixed in
1.0.1
CVE-2026-3412 describes a cross-site scripting (XSS) vulnerability discovered in the itsourcecode University Management System, specifically affecting version 1.0. This flaw resides within the /attsingleview.php file and allows attackers to inject malicious scripts via manipulation of the 'dt' argument. The vulnerability is remotely exploitable and a public proof-of-concept is now available, increasing the risk of exploitation.
Successful exploitation of CVE-2026-3412 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session on the University Management System. This can lead to various malicious outcomes, including session hijacking, defacement of the website, redirection to phishing sites, and theft of sensitive user data like login credentials or personal information. Given the public availability of a proof-of-concept, the risk of widespread exploitation is significant, particularly for systems with unpatched installations. The blast radius extends to all users accessing the affected page.
CVE-2026-3412 is currently considered a high-risk vulnerability due to the public availability of a proof-of-concept. While no active exploitation campaigns have been definitively confirmed, the ease of exploitation makes it a prime target for opportunistic attackers. The vulnerability was publicly disclosed on 2026-03-02. Monitor security advisories and threat intelligence feeds for updates.
Organizations utilizing the itsourcecode University Management System version 1.0, particularly those with publicly accessible instances or those lacking robust input validation practices, are at significant risk. Shared hosting environments where multiple users share the same server resources are also particularly vulnerable, as a compromise of one user's account could potentially impact others.
• php / web:
curl -I 'http://your-university-management-system/att_single_view.php?dt=<script>alert(1)</script>' | grep -i content-type
• generic web:
grep -i 'dt=<script' /var/log/apache2/access.log
EPSS: 0.03% (9th percentile)
The primary mitigation for CVE-2026-3412 is to upgrade to a patched version of the itsourcecode University Management System. As no fixed version is currently specified, immediate action is crucial. In the absence of an upgrade, implement temporary mitigations such as deploying a Web Application Firewall (WAF) with rules to filter out malicious script injections targeting the 'dt' parameter in /attsingleview.php. Input validation on the server-side, specifically sanitizing or encoding user-supplied input before rendering it in the page, is also essential. Regularly review access and error logs for suspicious activity.
Update to a patched version of the University Management System. If no such version is available, review the source code of `/att_single_view.php` and sanitize the input of the `dt` parameter to prevent execution of malicious JavaScript code.
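As an added example (not the project's code), the two layers the mitigation above calls for, applied to the `dt` parameter: allow-list validation of the value's shape before it is used, and output encoding when it is rendered. It assumes `dt` carries a calendar date in YYYY-MM-DD form; the function names `validate_dt` and `h` are illustrative.

```php
<?php
// Added example, not code from the University Management System.
// Assumption: `dt` is meant to carry a calendar date (YYYY-MM-DD).
declare(strict_types=1);

/**
 * Return the validated date string, or null when the input is not a
 * well-formed YYYY-MM-DD date. Allow-listing the shape of the value means
 * a payload such as <script>...</script> never reaches the template.
 */
function validate_dt(?string $raw): ?string
{
    if ($raw === null || !preg_match('/^\d{4}-\d{2}-\d{2}$/', $raw)) {
        return null;
    }
    // Reject calendar-invalid values such as 2026-02-30.
    $d = DateTime::createFromFormat('!Y-m-d', $raw);
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

/**
 * Encode a string for safe insertion into HTML text or a quoted attribute.
 * Output encoding is the second layer: even a value that slipped past
 * validation is rendered as text, not as markup.
 */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Unsafe pattern the advisory describes (reflecting unvalidated input),
// shown only for contrast:
// echo 'Attendance for ' . $_GET['dt'];

// Hardened pattern:
$dt = validate_dt($_GET['dt'] ?? null);
header('Content-Type: text/html; charset=UTF-8');
if ($dt === null) {
    http_response_code(400);
    exit('<p>Invalid date parameter.</p>');
}
echo '<h2>Attendance for ' . h($dt) . '</h2>';
echo '<input type="date" name="dt" value="' . h($dt) . '">';
```

Explicitly setting the charset in the Content-Type header matters because `htmlspecialchars` encodes for UTF-8; a mismatched page encoding can otherwise reopen an injection path.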
CVE-2026-3412 is a cross-site scripting (XSS) vulnerability affecting version 1.0 of the itsourcecode University Management System, allowing attackers to inject malicious scripts via the /attsingleview.php file.
If you are using itsourcecode University Management System version 1.0 and have not applied a patch, you are likely affected by this vulnerability. Assess your instance immediately.
The recommended fix is to upgrade to a patched version of the University Management System. Until a patch is available, implement WAF rules and server-side input validation.
While no confirmed active exploitation campaigns are currently known, the public availability of a proof-of-concept suggests a high probability of exploitation.
Refer to the itsourcecode website or security mailing lists for the official advisory regarding CVE-2026-3412.