NextGuard
UNKNOWNCVE-2026-4909

code-projects Exam Form Submission update_s7.php cross site scripting

Platform

php

Component

cve-niuzzz

View on NVD

A weakness has been identified in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/update_s7.php. This manipulation of the argument sname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

How to fix

Actualizar el software Exam Form Submission a una versión corregida que mitigue la vulnerabilidad XSS. Aplicar validación y sanitización de entrada en el parámetro 'sname' en el archivo /admin/update_s7.php para evitar la inyección de código malicioso. Considere utilizar funciones de escape específicas para el contexto de salida (HTML, JavaScript, etc.).

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free
CVE-2026-4909 — Vulnerability Details | NextGuard | NextGuard