Platform
php
Component
cve-1
Fixed in
1.0.1
CVE-2026-2939 describes a cross-site scripting (XSS) vulnerability discovered in itsourcecode Student Management System, specifically affecting version 1.0. This flaw allows attackers to inject malicious scripts into the application, potentially compromising user sessions and data integrity. The vulnerability resides within an unknown function of the /add_student/ file, and exploitation can be performed remotely. A public proof-of-concept is available, increasing the risk of exploitation.
Successful exploitation of CVE-2026-2939 enables an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious actions, including session hijacking, phishing attacks, and defacement of the Student Management System. Sensitive student data, such as names, contact information, and academic records, could be exposed or modified. The remote nature of the vulnerability expands the potential attack surface, as attackers don't require local access to the system. The availability of a public proof-of-concept significantly lowers the barrier to entry for malicious actors.
CVE-2026-2939 has been publicly disclosed and a proof-of-concept is available, indicating a higher probability of exploitation. The vulnerability is not currently listed on CISA KEV. The LOW CVSS score reflects the relatively limited impact and ease of mitigation, but the public PoC necessitates prompt action. The vulnerability's location within the /add_student/ module suggests it may be triggered during student registration or profile updates.
Exploit Status
EPSS
0.04% (11% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-2939 is to upgrade to a patched version of itsourcecode Student Management System. Since a fixed version is not specified, immediate action is crucial. As a temporary workaround, implement strict input validation and output encoding on all user-supplied data, particularly within the /add_student/ module. Employ a Web Application Firewall (WAF) with XSS protection rules to filter malicious requests. Regularly scan the application for XSS vulnerabilities using automated tools. After implementing these mitigations, thoroughly test the application to ensure that the vulnerability has been effectively addressed.
Update the Student Management System to a patched version that resolves the Cross-Site Scripting (XSS) vulnerability in the Add Student module. If no version is available, review and filter user inputs in the Add Student module to prevent the injection of malicious code.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-2939 is a cross-site scripting (XSS) vulnerability affecting itsourcecode Student Management System version 1.0, allowing attackers to inject malicious scripts via the /add_student/ file.
If you are using itsourcecode Student Management System version 1.0, you are potentially affected by this vulnerability. Immediate action is recommended.
Upgrade to a patched version of itsourcecode Student Management System. As a temporary workaround, implement strict input validation and output encoding.
A public proof-of-concept exists, indicating a potential for active exploitation. Prompt mitigation is advised.
Please refer to itsourcecode's official website or security channels for the latest advisory regarding CVE-2026-2939.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.