Platform
php
Component
exam-form-submission
Fixed in
1.0.1
CVE-2026-4595 is a cross-site scripting (XSS) vulnerability identified in Exam Form Submission version 1.0. This flaw allows an attacker to inject malicious scripts into the application, potentially compromising user data and session integrity. The vulnerability resides within the /admin/update_s6.php file and is triggered by manipulating the 'sname' argument. While the CVSS score is LOW, public disclosure means exploitation is possible.
Successful exploitation of CVE-2026-4595 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious actions, including session hijacking, defacement of the application's administrative interface, and theft of sensitive information such as user credentials or exam data. The remote nature of the vulnerability means an attacker does not need to be on the same network as the application to exploit it. Given the publicly disclosed nature of the exploit, it is likely that automated scanning tools are already attempting to identify and exploit vulnerable instances.
CVE-2026-4595 has been publicly disclosed, indicating a higher probability of exploitation. The vulnerability is present in Exam Form Submission 1.0 and is accessible remotely. The availability of a public exploit increases the risk of automated attacks. No KEV listing or EPSS score is currently available.
Exploit Status
EPSS
0.03% (9% percentile)
The primary mitigation for CVE-2026-4595 is to upgrade to a patched version of Exam Form Submission. Since a fixed version is not specified, thorough testing of any upgrade is crucial to avoid introducing new issues. As a temporary workaround, implement strict input validation and sanitization on the 'sname' parameter within /admin/update_s6.php. This should include escaping any potentially malicious characters. Consider implementing a Web Application Firewall (WAF) with rules to detect and block XSS attempts targeting this specific endpoint. Regularly review access logs for suspicious activity related to /admin/update_s6.php.
Update the Exam Form Submission plugin to the latest available version to mitigate the XSS vulnerability. Check the plugin's official sources for update instructions and security patches. Implement input validation and escaping measures to prevent future XSS attacks.
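One way to apply the validation-plus-escaping workaround to 'sname', as an added example that is not code from Exam Form Submission. The helper names `validate_sname` and `h`, the allowed character set and the 100-character limit are assumptions; the sample values are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Allowlist validation for the 'sname' field (hypothetical helper).
 * Assumption: a name is 1-100 characters of letters, combining marks,
 * spaces, periods, apostrophes and hyphens.
 * Returns the trimmed name, or null when the value must be rejected.
 */
function validate_sname($raw): ?string
{
    if (!is_string($raw)) {
        return null; // rejects array input such as sname[]=x
    }
    $name = trim($raw);
    // The /u flag also makes preg_match fail (return false) on invalid UTF-8.
    if (preg_match('/\A[\p{L}\p{M} .\'-]{1,100}\z/u', $name) !== 1) {
        return null;
    }
    return $name;
}

/**
 * Escape a value for HTML element content or a quoted attribute
 * (hypothetical helper). Apply it at every point where sname is echoed.
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample values. In update_s6.php the raw value would come from
// the request (assumption: a form field named 'sname').
$samples = ["Anne-Marie O'Neil", '<b>Bob</b>', ['not', 'a', 'string']];

foreach ($samples as $raw) {
    $name = validate_sname($raw);
    if ($name === null) {
        echo "rejected\n"; // a real handler would answer 400 and stop here
        continue;
    }
    echo '<td>' . h($name) . "</td>\n";
}

// Values stored before validation existed are still neutralized on output.
echo h('<b>Bob</b>'), "\n";
```

Validation narrows what is accepted, but the output escaping is what prevents markup from being interpreted, so it has to be applied wherever the stored name is rendered, not only on the update page.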
CVE-2026-4595 is a cross-site scripting vulnerability in Exam Form Submission version 1.0, affecting the /admin/update_s6.php file. It allows attackers to inject malicious scripts via the 'sname' parameter.
If you are using Exam Form Submission version 1.0, you are potentially affected. Upgrade to a patched version as soon as possible.
Upgrade to a patched version of Exam Form Submission. If upgrading is not immediately possible, implement strict input validation and sanitization on the 'sname' parameter and consider using a WAF.
Due to the public disclosure of the exploit, it is likely that CVE-2026-4595 is being actively exploited or targeted by automated scanning tools.
Refer to the code-projects website or relevant security mailing lists for the official advisory regarding CVE-2026-4595.