EUVD-2026-17058

| CVE-2026-5106 MEDIUM

2026-03-30 VulDB

GHSA-jc9w-4gwg-hjf5

4.8

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Scope

Lifecycle Timeline

PoC Detected

Mar 30, 2026 - 15:39 vuln.today

Public exploit code

Analysis Generated

Mar 30, 2026 - 04:45 vuln.today

EUVD ID Assigned

Mar 30, 2026 - 04:45 euvd

EUVD-2026-17058

CVE Published

Mar 30, 2026 - 04:00 nvd

MEDIUM 4.8

Description

A flaw has been found in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update_fst.php. Executing a manipulation of the argument sname can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.

Analysis

Reflected cross-site scripting (XSS) in code-projects Exam Form Submission 1.0 allows authenticated remote attackers to inject malicious scripts via the sname parameter in /admin/update_fst.php, affecting user sessions with administrator privileges. The vulnerability requires user interaction (UI:R) and carries a low CVSS score of 2.4 due to the requirement for prior administrative authentication (PR:H), but publicly available exploit code exists and may be actively used. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +24

POC: +20

EUVD-2026-17058 vulnerability details – vuln.today

Back

EUVD-2026-17058

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-17058

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code