Skip to main content

Wizgrade

1 CVEs product

Monthly

CVE-2026-15492 LOW Monitor

Cross-site scripting in igweze Wizgrade's dashboard/studentConductManager.php allows remote, unauthenticated attackers to inject and execute malicious scripts in a victim's browser upon interaction with a crafted request. The vulnerability was publicly disclosed with exploit code available (CVSS 4.0 E:P), and the vendor did not respond to pre-disclosure contact, leaving no official patch or remediation guidance. No active exploitation has been confirmed via CISA KEV, though the public exploit raises the risk of opportunistic targeting of school or academic institutions using this PHP-based student management system.

XSS PHP Wizgrade
NVD VulDB
CVSS 4.0
2.1
EPSS
0.4%
EPSS 0% CVSS 2.1
LOW Monitor

Cross-site scripting in igweze Wizgrade's dashboard/studentConductManager.php allows remote, unauthenticated attackers to inject and execute malicious scripts in a victim's browser upon interaction with a crafted request. The vulnerability was publicly disclosed with exploit code available (CVSS 4.0 E:P), and the vendor did not respond to pre-disclosure contact, leaving no official patch or remediation guidance. No active exploitation has been confirmed via CISA KEV, though the public exploit raises the risk of opportunistic targeting of school or academic institutions using this PHP-based student management system.

XSS PHP Wizgrade
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy