Platform
php
Fixed in
1.0.1
CVE-2026-4577 describes a cross-site scripting (XSS) vulnerability discovered in code-projects Exam Form Submission version 1.0. This flaw allows an attacker to inject malicious scripts into the application, potentially compromising user data and session integrity. The vulnerability resides within the /admin/update_s4.php file, specifically in an unknown function. A public exploit is available, increasing the risk of exploitation.
Successful exploitation of CVE-2026-4577 enables an attacker to execute arbitrary JavaScript code within the context of a user's browser session. This can lead to various malicious activities, including session hijacking, credential theft, and defacement of the application's interface. The attacker could potentially gain access to sensitive data stored within the application or redirect users to malicious websites. Given the public availability of an exploit, the risk of exploitation is elevated, particularly for systems that are not promptly patched.
CVE-2026-4577 has been publicly disclosed and a proof-of-concept exploit is available, indicating a moderate risk of exploitation. The vulnerability is not currently listed on CISA KEV. The LOW CVSS score reflects the relatively simple nature of the exploit and the potential for limited impact, but the public availability of the exploit warrants immediate attention.
Administrators and users of Exam Form Submission 1.0 are at risk. Systems with weak input validation or lacking a WAF are particularly vulnerable. Shared hosting environments utilizing this software are also at increased risk due to the potential for cross-tenant exploitation.
• php / server:
grep -r 'sname' /var/www/html/admin/update_s4.php
• generic web:
curl -I 'http://your-exam-form-submission-url/admin/update_s4.php?sname=<script>alert(1)</script>'
• generic web:
curl 'http://your-exam-form-submission-url/admin/update_s4.php?sname=<img src=x onerror=alert(1)>' -s -o /dev/null -w '%{http_code}\n'
Disclosure
Exploit status
EPSS
0.03% (9th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-4577 is to upgrade to a patched version of Exam Form Submission. Since a fixed version is not specified, thoroughly review the code-projects repository for updates and security advisories. As a temporary workaround, implement strict input validation and output encoding on the 'sname' parameter within the /admin/update_s4.php file. Consider using a Web Application Firewall (WAF) with XSS filtering rules to block malicious requests. After applying mitigation steps, verify the fix by attempting to inject a simple XSS payload (e.g., <script>alert(1)</script>) through the 'sname' parameter and confirming that it is properly sanitized.
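The input validation and output encoding recommended above, as an added example that is not code from the Exam Form Submission project: the vulnerable handler is a hypothetical reconstruction of the reflected pattern, and the name regex and helper names are assumptions.

```php
<?php
// Added example, not the project's own code. The unsafe handler is a
// hypothetical reconstruction of the reflected-XSS pattern on 'sname';
// the real update_s4.php is not reproduced here.

// Vulnerable pattern: untrusted input is concatenated straight into HTML,
// so a value containing '"><script>...' escapes the attribute and runs.
function render_unsafe(array $get): string
{
    $sname = $get['sname'] ?? '';
    return '<input type="text" name="sname" value="' . $sname . '">';
}

// Hardening step 1: validate the value against what a student name can
// plausibly contain (assumed policy: letters, marks, spaces, . ' - ; 1..100).
function validate_sname(string $raw): ?string
{
    $raw = trim($raw);
    if (!preg_match("/^[\p{L}\p{M} .'\-]{1,100}$/u", $raw)) {
        return null;
    }
    return $raw;
}

// Hardening step 2: encode for the HTML attribute context on output.
// ENT_QUOTES escapes both quote styles so the value cannot close the
// attribute; ENT_SUBSTITUTE avoids silently returning '' on bad UTF-8.
function render_safe(array $get): string
{
    $sname = validate_sname((string)($get['sname'] ?? ''));
    if ($sname === null) {
        http_response_code(400);
        return '<p>Invalid student name.</p>';
    }
    $enc = htmlspecialchars($sname, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="sname" value="' . $enc . '">';
}

// Constructed inputs: the page's verification payload and a legitimate
// name containing an apostrophe, to show encoding does not mangle it.
$probe = ['sname' => '<script>alert(1)</script>'];
echo render_unsafe($probe), "\n";              // script tag reaches the page
echo render_safe($probe), "\n";                // rejected by validation
echo render_safe(['sname' => "O'Brien"]), "\n"; // accepted, quote encoded
```

Validation alone is not a substitute for encoding: names that pass the regex still go through htmlspecialchars, so a later relaxation of the policy does not reopen the injection.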
Update to a patched version, or apply the necessary security measures to prevent malicious code injection via the 'sname' parameter in the '/admin/update_s4.php' file. Validating and sanitizing user input is essential to prevent XSS attacks.
CVE-2026-4577 is a cross-site scripting (XSS) vulnerability in Exam Form Submission 1.0, allowing attackers to inject malicious scripts via the 'sname' parameter in /admin/update_s4.php.
If you are using Exam Form Submission version 1.0 and have not applied a patch, you are potentially affected by this XSS vulnerability.
Upgrade to a patched version of Exam Form Submission. If a patch is unavailable, implement strict input validation and output encoding on the 'sname' parameter and consider a WAF.
A public exploit exists, indicating a potential for active exploitation. Prompt mitigation is recommended.
Refer to the code-projects repository and associated security advisories for updates and information regarding CVE-2026-4577.