Platform
php
Fixed in
1.0.1
CVE-2026-4575 describes a Cross-Site Scripting (XSS) vulnerability discovered in code-projects Exam Form Submission, specifically impacting version 1.0. This flaw arises from improper handling of the 'sname' argument within the /admin/update_s2.php file, enabling attackers to inject malicious scripts. A public exploit is already available, increasing the risk of immediate exploitation.
Successful exploitation of CVE-2026-4575 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session on the Exam Form Submission application. This can lead to various malicious outcomes, including session hijacking, defacement of the application's administrative interface, and theft of sensitive user data, such as login credentials or personally identifiable information (PII). Given the publicly available exploit, the risk of widespread exploitation is significant, particularly for systems with unpatched installations.
CVE-2026-4575 has a public exploit available, indicating a high likelihood of exploitation. The vulnerability was disclosed on 2026-03-23. It is not currently listed on CISA KEV, but the availability of a public exploit warrants close monitoring and immediate patching.
Organizations utilizing code-projects Exam Form Submission version 1.0, particularly those with publicly accessible administrative interfaces, are at significant risk. Shared hosting environments where multiple users share the same server instance are also vulnerable, as an attacker could potentially compromise other applications on the same server.
• php / web: Examine access logs for requests to /admin/update_s2.php whose 'sname' parameter contains unusual or suspicious characters (payloads are usually percent-encoded in the log, so the '%' of an encoded '<' is itself a match).
grep -E 'update_s2\.php.*sname=[^a-zA-Z0-9_ ]+' /var/log/apache2/access.log
• php / web: Search the application files for places where the 'sname' parameter is read or echoed without sanitization or output encoding (the path contains spaces, so it must be quoted).
grep -rn 'sname' '/var/www/html/code-projects/Exam Form Submission/'
Exploit Status
EPSS
0.03% (9th percentile)
CISA SSVC
CVSS-vector
The primary mitigation for CVE-2026-4575 is to upgrade to a patched version of code-projects Exam Form Submission. Since a fixed version is not specified, thoroughly review the vendor's website or repository for updates. As a temporary workaround, implement strict input validation and sanitization on the 'sname' parameter within the /admin/update_s2.php file. Consider using a Web Application Firewall (WAF) with XSS filtering rules to block malicious requests. Regularly monitor application logs for suspicious activity, such as unusual JavaScript execution patterns.
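The workaround described above, shown as an added example that is not code from code-projects or from the Exam Form Submission project: the real /admin/update_s2.php is not reproduced on this page, so the example assumes only that it reads 'sname' from the request and writes it back into an HTML page. The functions validate_sname() and h() are hypothetical names chosen here. The allow-list validation rejects the value at the input boundary, and htmlspecialchars() encodes it at the output boundary, so a value that slips past validation (or one already stored in the database) is rendered as text rather than executed.

```php
<?php
// Added example (not the project's code): hardened handling of the 'sname'
// parameter as a defence against the XSS described in CVE-2026-4575.
// Assumption: the script reads $_POST['sname'] and echoes it into HTML.

declare(strict_types=1);

/**
 * Allow-list validation of a student name (hypothetical helper).
 * Accepts letters from any script, combining marks, spaces, dots,
 * apostrophes and hyphens, 1..100 characters. Returns null on rejection.
 */
function validate_sname(string $raw): ?string
{
    $name = trim($raw);
    if ($name === '' || mb_strlen($name, 'UTF-8') > 100) {
        return null;
    }
    // First character must be a letter; '<', '"', '(' etc. are never allowed.
    if (!preg_match('/^[\p{L}\p{M}][\p{L}\p{M} .\'\-]*$/u', $name)) {
        return null;
    }
    return $name;
}

/**
 * Output encoding for an HTML text node or a quoted attribute value
 * (hypothetical helper). ENT_QUOTES also encodes the single quote, so the
 * result is safe inside both "..." and '...' attributes.
 */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs (not taken from the page): one benign name and two
// typical XSS probes of the kind the grep in the detection section looks for.
$samples = [
    'Ada Lovelace',
    '<script>alert(1)</script>',
    '" onmouseover="alert(1)',
];

foreach ($samples as $input) {
    $valid = validate_sname($input);
    if ($valid === null) {
        // Reject at the input boundary. Never echo the raw value back, not
        // even in an error message, because that would be a second XSS sink.
        echo 'rejected sname (' . strlen($input) . " bytes)\n";
        continue;
    }
    // Even a validated value is encoded when written into the page.
    echo '<input type="text" name="sname" value="' . h($valid) . '">' . "\n";
}

// Defence in depth: a value that cannot be rejected (for example one that was
// stored before the fix) is still neutralised by encoding alone. The probe is
// emitted as &lt;script&gt;... and displayed as text, not executed.
echo '<td>' . h('<script>alert(1)</script>') . "</td>\n";
```

Run with `php update_s2_hardened.php` (any file name works) to see the benign name emitted inside a quoted attribute, both probes rejected, and the stored-value case rendered inert. Validation alone is not sufficient because an attacker-controlled value may reach the template by another route; encoding alone is not sufficient because it does nothing for values that end up in a JavaScript or URL context, so both are applied.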
Upgrade to a patched version or apply the necessary security measures to prevent injection of malicious code via the 'sname' parameter in the /admin/update_s2.php file. Validate and sanitize user input to prevent XSS attacks.
CVE-2026-4575 is a Cross-Site Scripting (XSS) vulnerability in code-projects Exam Form Submission version 1.0, allowing attackers to inject malicious scripts via the /admin/update_s2.php file.
If you are using code-projects Exam Form Submission version 1.0 and have not applied a patch, you are likely affected by this vulnerability.
Upgrade to a patched version of code-projects Exam Form Submission. If a patch is not available, implement input validation and sanitization on the 'sname' parameter and consider using a WAF.
Yes, a public exploit is available, indicating a high probability of active exploitation.
Check the code-projects website or repository for official advisories and updates related to CVE-2026-4575.