Platform: php
Fixed in: 2.1.1
A cross-site scripting (XSS) vulnerability has been identified in the Division Regional Athletic Meet Game Result Matrix System, specifically within the save-games.php file. This flaw allows attackers to inject malicious scripts into the system, potentially compromising user accounts and data. The vulnerability affects version 2.1 and has a CVSS score of 3.5 (LOW). A public exploit is available, increasing the risk of immediate exploitation.
Successful exploitation of CVE-2026-3983 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious actions, including session hijacking, phishing attacks, and defacement of the application. Sensitive information, such as user credentials, personal data, and game progress, could be stolen. The impact is amplified if the application is used in a sensitive environment or handles confidential data. The availability of a public exploit significantly increases the likelihood of widespread exploitation.
CVE-2026-3983 has a LOW CVSS score, but the availability of a public proof-of-concept (PoC) significantly elevates the risk. The vulnerability was disclosed on 2026-03-12. There is no indication of active exploitation campaigns at this time, but the ease of exploitation suggests it could be targeted by opportunistic attackers. This vulnerability is not currently listed on the CISA KEV catalog.
EPSS: 0.03% (9th percentile)
The primary mitigation for CVE-2026-3983 is to upgrade to a patched version of the Division Regional Athletic Meet Game Result Matrix System. If upgrading is not immediately feasible, implement a Web Application Firewall (WAF) rule to filter out malicious input in the game_name parameter. Specifically, look for unusual characters or patterns commonly used in XSS payloads. Input validation and sanitization on the server-side can also help prevent the injection of malicious scripts. Regularly review and update WAF rules to address emerging threats.
Update the Division Regional Athletic Meet Game Result Matrix System to a patched version that resolves the Cross-Site Scripting (XSS) vulnerability in the save-games.php file. Consult the vendor for the corrected version or apply necessary security measures to prevent manipulation of the game_name argument.
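One way to apply the server-side validation and output encoding described above to the game_name parameter, as an added example that is not the vendor's code or patch. The allowlist, the 80-character limit and the function names are assumptions, and it requires PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Added example, not the vendor's code. Assumes game_name is a short,
// human-readable label; the character allowlist and length limit are assumptions.

/** Return the normalised name, or null when the input fails validation. */
function validate_game_name(mixed $raw): ?string
{
    if (!is_string($raw)) {
        return null;                       // e.g. game_name[]=x arrives as an array
    }
    // Collapse whitespace runs; with /u, invalid UTF-8 yields null, handled as ''.
    $name = trim(preg_replace('/\s+/u', ' ', $raw) ?? '');
    // Letters, digits, space and a few punctuation marks, 1 to 80 characters.
    // Markup characters (< > " ' & `) are outside the allowlist.
    if (preg_match('/^[\p{L}\p{N} .,()\-]{1,80}$/Du', $name) !== 1) {
        return null;
    }
    return $name;
}

/** Encode a value for an HTML text or quoted-attribute context. */
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hypothetical request handler: returns [HTTP status, response body]. */
function handle_save(array $post): array
{
    $name = validate_game_name($post['game_name'] ?? null);
    if ($name === null) {
        return [400, 'Invalid game name'];  // never echo the rejected value
    }
    // Validation limits what is accepted; encoding is still applied on output,
    // and again on every page that later renders the value.
    return [200, 'Saved: ' . html($name)];
}

// Constructed sample inputs: two valid names, markup, an array, an over-long value.
$samples = ['100m Dash (Boys)', '  Long   Jump ', '<script>alert(1)</script>',
            ['x'], str_repeat('a', 81)];
foreach ($samples as $sample) {
    [$status, $body] = handle_save(['game_name' => $sample]);
    echo $status, ' ', $body, PHP_EOL;
}
```

The allowlist rejects markup at the boundary, while `htmlspecialchars` keeps any value that does pass from being interpreted as HTML when it is rendered.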
CVE-2026-3983 is a cross-site scripting (XSS) vulnerability in the save-games.php file of the Division Regional Athletic Meet Game Result Matrix System 2.1, allowing attackers to inject malicious scripts.
If you are using version 2.1 of the Division Regional Athletic Meet Game Result Matrix System, you are potentially affected by this vulnerability.
Upgrade to a patched version of the system. As an interim measure, implement a WAF rule to filter malicious input in the game_name parameter.
While there is no confirmed active exploitation, a public proof-of-concept exists, increasing the risk of attacks.
Refer to the vendor's official website or security advisory channels for the latest information and updates regarding CVE-2026-3983.