Skip to main content

STUDENT-MANAGEMENT-SYSTEM CVE-2026-10112

| EUVD-2026-33451 LOW
Cross-site Scripting (XSS) (CWE-79)
2026-05-30 VulDB GHSA-2hcf-jmx4-h26p
XSS Student Management System
1.9
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.9 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
P
Scope
X

Lifecycle Timeline

2
Analysis Generated
May 30, 2026 - 08:26 vuln.today
CVSS changed
May 30, 2026 - 08:22 NVD
2.4 (LOW) 1.9 (LOW)

DescriptionCVE.org

A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. Affected is an unknown function of the component Dashboard Page. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Cross-site scripting in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0 allows a high-privileged authenticated attacker to inject malicious script into the Name argument on the Dashboard Page, which executes in the browser of any user who subsequently views the affected page. The vulnerability requires both elevated privileges and victim interaction, placing real-world impact firmly in the low-to-negligible range despite network reachability. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain high-privilege application credentials
Delivery
Authenticate to STUDENT-MANAGEMENT-SYSTEM
Exploit
Inject XSS payload into Name field on Dashboard Page
Execution
Victim user loads Dashboard Page
Impact
Malicious script executes in victim's browser context
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to possess a high-privilege authenticated session within STUDENT-MANAGEMENT-SYSTEM (CVSS PR:H) - unauthenticated or low-privilege users cannot trigger this vulnerability. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 1.9 accurately reflects the compound limitations of this vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who already holds a high-privilege account in the application navigates to the Dashboard Page and submits a crafted value in the Name field containing a JavaScript payload. When another authenticated user subsequently loads the Dashboard Page, the injected script executes in their browser session. …
Remediation No vendor-released patch has been identified at time of analysis. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-10112 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy