CVE-2026-4575 describes a Cross-Site Scripting (XSS) vulnerability discovered in code-projects Exam Form Submission, specifically impacting version 1.0. This flaw arises from improper handling of the 'sname' argument within the /admin/update_s2.php file, enabling attackers to inject malicious scripts. A public exploit is already available, increasing the risk of immediate exploitation.
Successful exploitation of CVE-2026-4575 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session on the Exam Form Submission application. This can lead to various malicious outcomes, including session hijacking, defacement of the application's administrative interface, and theft of sensitive user data, such as login credentials or personally identifiable information (PII). Given the publicly available exploit, the risk of widespread exploitation is significant, particularly for systems with unpatched installations.
CVE-2026-4575 has a public exploit available, indicating a high likelihood of exploitation. The vulnerability was disclosed on 2026-03-23. It is not currently listed on CISA KEV, but the availability of a public exploit warrants close monitoring and immediate patching.
EPSS: 0.03% (9th percentile)
The primary mitigation for CVE-2026-4575 is to upgrade to a patched version of code-projects Exam Form Submission. Since a fixed version is not specified, thoroughly review the vendor's website or repository for updates. As a temporary workaround, implement strict input validation and sanitization on the 'sname' parameter within the /admin/update_s2.php file. Consider using a Web Application Firewall (WAF) with XSS filtering rules to block malicious requests. Regularly monitor application logs for suspicious activity, such as unusual JavaScript execution patterns.
Upgrade to a patched version or apply the necessary security measures to prevent injection of malicious code through the 'sname' parameter in the /admin/update_s2.php file. Validate and sanitize user input to prevent XSS attacks.
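The temporary workaround described above, as an added PHP sketch; it is not code from Exam Form Submission, whose update_s2.php source is not shown here. The helper names `validate_sname()` and `h()`, the permitted character set and the 100-character limit are assumptions; the sketch pairs allow-list validation on input with HTML encoding on output.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers (requires PHP 8.0+): the real update_s2.php is not shown on this page.

/** Allow-list validation for a student name; returns the trimmed value or null. */
function validate_sname(mixed $raw): ?string
{
    if (!is_string($raw)) {              // rejects array input such as sname[]=...
        return null;
    }
    $name = trim($raw);
    // Assumed policy: letters, combining marks, space, dot, apostrophe, hyphen; 1-100 chars.
    // Invalid UTF-8 makes preg_match() return false, which is also rejected here.
    if (preg_match('/\A[\p{L}\p{M} .\'\-]{1,100}\z/u', $name) !== 1) {
        return null;
    }
    return $name;
}

/** Encoding for HTML text nodes and quoted attribute values. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs standing in for $_POST['sname'].
$samples = [
    "Mary O'Neil",
    'José Álvarez-Ruiz',
    '<script>alert(1)</script>',
    '" onfocus="x',
    ['nested'],
];

foreach ($samples as $raw) {
    $clean = validate_sname($raw);
    if ($clean === null) {
        // In the handler: answer with HTTP 400 and skip the database update.
        echo 'rejected: ', h(is_string($raw) ? $raw : gettype($raw)), PHP_EOL;
        continue;
    }
    // Encode at output even for validated values: the apostrophe is allowed above.
    echo 'accepted: <input name="sname" value="', h($clean), '">', PHP_EOL;
}
```

Validation alone does not protect values already stored in the database, so every page that prints a stored name needs the same output encoding.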
CVE-2026-4575 is a Cross-Site Scripting (XSS) vulnerability in code-projects Exam Form Submission version 1.0, allowing attackers to inject malicious scripts via the /admin/update_s2.php file.
If you are using code-projects Exam Form Submission version 1.0 and have not applied a patch, you are likely affected by this vulnerability.
Upgrade to a patched version of code-projects Exam Form Submission. If a patch is not available, implement input validation and sanitization on the 'sname' parameter and consider using a WAF.
Yes, a public exploit is available, indicating a high probability of active exploitation.
Check the code-projects website or repository for official advisories and updates related to CVE-2026-4575.