Platform: php
Component: public
Fixed in: 1.0.1
CVE-2026-4474 describes a cross-site scripting (XSS) vulnerability discovered in itsourcecode University Management System, specifically affecting version 1.0. This flaw allows attackers to inject malicious scripts through manipulation of the 'stname' parameter within the /adminsinglestudentupdate.php file. A public exploit has been released, increasing the potential for exploitation. Mitigation strategies include upgrading the system and implementing web application firewall (WAF) rules.
Successful exploitation of CVE-2026-4474 allows an attacker to execute arbitrary JavaScript in the context of a user's browser session on the University Management System. This can lead to session hijacking, credential theft, and defacement of the application. Depending on the victim's privileges, an attacker could gain access to sensitive student data or administrative functionality. The published exploit significantly lowers the barrier to entry, increasing the risk of widespread exploitation.
CVE-2026-4474 has a LOW CVSS score of 2.4. A public proof-of-concept exploit is available, indicating a relatively high probability of exploitation. The vulnerability was disclosed on 2026-03-20. No KEV listing or confirmed exploitation campaigns are currently known.
Exploit Status:
EPSS: 0.03% (9th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2026-4474 is to upgrade to a patched version of itsourcecode University Management System. Since a fixed version is not specified, immediate action is critical. As a temporary workaround, implement strict input validation and sanitization on the 'stname' parameter within the /adminsinglestudentupdate.php file. Deploy a Web Application Firewall (WAF) with rules to detect and block XSS payloads targeting this specific endpoint. Monitor access logs for suspicious activity related to the /adminsinglestudent_update.php file.
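To make the log-monitoring step concrete, here is an added example (not code from the advisory or from itsourcecode) that scans Common Log Format access-log lines for requests to the affected endpoint whose 'stname' query value decodes to markup; the path and parameter names are taken from the advisory text as written, the sample log lines are constructed, and only GET query strings are visible this way (POST bodies are not in a standard access log).

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Endpoint and parameter as named in the advisory (it also renders them as
# /adminsinglestudent_update.php and st_name; use the path you actually serve).
TARGET_PATH = "/adminsinglestudentupdate.php"
TARGET_PARAM = "stname"

# Fragments a student name never legitimately needs: triage indicators, not proof.
SUSPICIOUS = re.compile(r"[<>]|javascript:|\bon\w+\s*=|&#", re.IGNORECASE)

# Minimal Common Log Format matcher: client IP, request target, status code.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3}')


def suspicious_values(line):
    """Decoded 'stname' values in one log line that look like markup ([] if none)."""
    m = LINE_RE.match(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    if url.path != TARGET_PATH:
        return []
    hits = []
    for raw in parse_qs(url.query, keep_blank_values=True).get(TARGET_PARAM, []):
        decoded = unquote_plus(raw)  # parse_qs decoded once; this catches double encoding
        if SUSPICIOUS.search(decoded):
            hits.append(decoded)
    return hits


def scan(log_text):
    """Return (client_ip, flagged_values) for every suspicious request in the log."""
    findings = []
    for line in log_text.splitlines():
        hits = suspicious_values(line)
        if hits:
            findings.append((LINE_RE.match(line).group("ip"), hits))
    return findings


# Constructed sample log lines (not real traffic): a benign name, a plain
# markup probe, the same probe against an unrelated page, and a double-encoded one.
SAMPLE_LOG = """\
203.0.113.5 - - [20/Mar/2026:10:00:01 +0000] "GET /adminsinglestudentupdate.php?id=7&stname=Alice+O%27Brien HTTP/1.1" 200 512
203.0.113.9 - - [20/Mar/2026:10:00:02 +0000] "GET /adminsinglestudentupdate.php?id=7&stname=%3Cscript%3Ex%3C%2Fscript%3E HTTP/1.1" 200 512
203.0.113.9 - - [20/Mar/2026:10:00:03 +0000] "GET /index.php?stname=%3Cb%3E HTTP/1.1" 200 90
203.0.113.9 - - [20/Mar/2026:10:00:04 +0000] "GET /adminsinglestudentupdate.php?stname=%253Cb%253E HTTP/1.1" 200 512
"""
```

Feed `scan()` your real access log and review each flagged client alongside the application's own audit trail; a hit shows that markup reached the parameter, not that it was rendered unescaped.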
Update to a patched version of the university management system. Contact the vendor for a corrected version or apply the necessary security measures to prevent the execution of malicious scripts in the st_name field.
CVE-2026-4474 is a cross-site scripting (XSS) vulnerability in itsourcecode University Management System version 1.0, allowing attackers to inject malicious scripts via the 'stname' parameter in /adminsinglestudentupdate.php.
If you are using itsourcecode University Management System version 1.0, you are potentially affected by this vulnerability. Upgrade as soon as possible.
Upgrade to a patched version of itsourcecode University Management System. If a patch is unavailable, implement input validation and WAF rules as temporary mitigations.
A public proof-of-concept exploit is available, suggesting a potential for active exploitation. Monitor your system closely.
Consult the itsourcecode website or relevant security mailing lists for the official advisory regarding CVE-2026-4474.