Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
itsourcecode Student Management System allows attackers to inject malicious code
CVE-2026-2939
Summary
A security issue in itsourcecode Student Management System 1.0 allows attackers to inject malicious code into the system, potentially allowing them to access and manipulate sensitive data. This could happen if a user visits a specially crafted website or clicks on a malicious link. The company has not yet released a fix, so it's essential to avoid using this version until it's patched.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| itsourcecode | student_management_system | 1.0 | – |
Original title
A vulnerability was found in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /add_student/ of the component Add Student Module. The manipulation ...
Original description
A vulnerability was found in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /add_student/ of the component Add Student Module. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used.
nvd CVSS2.0
3.3
nvd CVSS3.1
4.8
nvd CVSS4.0
4.8
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
CWE-94
Code Injection
- https://drive.google.com/file/d/1a-qY55pgynQviBw9UxPoIDs-UNgz6zOH/view Exploit
- https://github.com/AS-AbdulSamad/CVE-1/tree/main Exploit Third Party Advisory
- https://itsourcecode.com/ Product
- https://vuldb.com/?ctiid.347311 Permissions Required VDB Entry
- https://vuldb.com/?id.347311 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.755977 Third Party Advisory VDB Entry
Published: 22 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026