EUVD-2026-14510
GHSA-qvmh-94p6-pp46
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
4Description
A vulnerability was determined in code-projects Exam Form Submission 1.0. This vulnerability affects unknown code of the file /admin/update_s6.php. Executing a manipulation of the argument sname can lead to cross site scripting. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
A stored cross-site scripting (XSS) vulnerability exists in code-projects Exam Form Submission version 1.0 affecting the /admin/update_s6.php file, where the sname parameter fails to properly sanitize user input. An authenticated attacker with high privileges can inject malicious JavaScript that executes in the context of other users' browsers, potentially compromising admin accounts or exfiltrating sensitive exam data. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
During next maintenance window: Apply vendor patches when convenient. Verify cross-site scripting controls are in place.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today