CVE-2026-5644: Cyber-III XSS Vulnerability (≤1a938fa61e9f7350)
Platform: php
Component: student-management-system
A Cross Site Scripting (XSS) vulnerability exists within the Cyber-III Student-Management-System, specifically affecting versions up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This flaw allows attackers to inject malicious scripts via manipulation of the $_SERVER['PHP_SELF'] argument within the /admin/Add%20notice/batch-notice.php file, potentially leading to unauthorized access or data compromise. Due to the product's rolling release model, specific affected and updated versions are not readily available; however, the project has been notified of the issue.
How to fix
Update the Student-Management-System to a fixed version. Because of the rolling-release model, consult the vendor's documentation or contact support for information on fixed versions and upgrade steps. The project has not responded to the issue reports, so it is crucial to monitor the vendor's updates.
Frequently asked questions
What is CVE-2026-5644?
CVE-2026-5644 is a Cross Site Scripting (XSS) vulnerability found in Cyber-III Student-Management-System versions up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. It allows attackers to inject malicious scripts into the system.
Am I affected by this vulnerability?
If you are using Cyber-III Student-Management-System version 1a938fa61e9f735078e9b291d2e6215b4942af3f or earlier, you are potentially affected. Due to the rolling release nature of the product, determining the exact affected versions can be challenging.
How can I fix or mitigate this vulnerability?
As of now, no official patch is available. Monitor the Cyber-III project's announcements for updates. Implement input validation and output encoding to mitigate the risk of XSS attacks.
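The output-encoding and input-validation advice above, applied to a form that reflects $_SERVER['PHP_SELF'], as an added example that is not the project's own code. The form markup, the function names and the sample request values are assumptions, since this page does not show the contents of batch-notice.php.

```php
<?php
declare(strict_types=1);

// Constructed sample values. PHP_SELF includes any extra path info the client
// appended after the script name, so it is client-influenced; SCRIPT_NAME is not.
// The trailing markup is a harmless marker used only to show the difference.
$constructedSelf       = '/admin/Add notice/batch-notice.php/"><b>marker</b>';
$constructedScriptName = '/admin/Add notice/batch-notice.php';

// Assumed vulnerable pattern: the raw value is written into an HTML attribute,
// so a quote in the value closes the attribute and the rest is parsed as markup.
function formActionUnsafe(string $phpSelf): string
{
    return '<form method="post" action="' . $phpSelf . '">';
}

// Output encoding: encode for the HTML attribute context at the point of output.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8.
function formActionEncoded(string $value): string
{
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="' . $safe . '">';
}

// Input validation: do not use PHP_SELF at all. Take SCRIPT_NAME, accept it only
// if it is on a fixed allow-list of known pages, and still encode on output.
function formActionValidated(string $scriptName, array $allowedPaths): string
{
    if (!in_array($scriptName, $allowedPaths, true)) {
        throw new RuntimeException('Unexpected script path');
    }
    return formActionEncoded($scriptName);
}

$allowedPaths = [$constructedScriptName];

echo 'unsafe:    ', formActionUnsafe($constructedSelf), PHP_EOL;
echo 'encoded:   ', formActionEncoded($constructedSelf), PHP_EOL;
echo 'validated: ', formActionValidated($constructedScriptName, $allowedPaths), PHP_EOL;
```

Run with the PHP CLI and compare the three lines: only the first lets the marker escape the action attribute.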