Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
Cross-site scripting vulnerability in Exam Form Submission 1.0
CVE-2026-4909
Summary
A security weakness in the Exam Form Submission 1.0 software allows attackers to inject malicious code on websites, potentially harming users. This weakness can be exploited remotely by anyone with the exploit. Website administrators should update the software to fix this issue.
Original title
A weakness has been identified in code-projects Exam Form Submission 1.0/7.php. This impacts an unknown function of the file /admin/update_s7.php. This manipulation of the argument sname causes cro...
Original description
A weakness has been identified in code-projects Exam Form Submission 1.0/7.php. This impacts an unknown function of the file /admin/update_s7.php. This manipulation of the argument sname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
nvd CVSS2.0
3.3
nvd CVSS3.1
2.4
nvd CVSS4.0
4.8
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
CWE-94
Code Injection
Published: 27 Mar 2026 · Updated: 27 Mar 2026 · First seen: 27 Mar 2026