PT-2026-24921 · Itsourcecode · University Event Management System

Pipizzz

Publicado

2026-03-12

Atualizado

2026-03-12

CVE-2026-3982

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions itsourcecode University Management System version 1.0

Description A flaw exists in itsourcecode University Management System that allows for cross site scripting. This issue is related to an unknown functionality within the /view result.php file. Manipulating the vr argument can trigger the flaw, allowing for remote execution of attacks. The exploit for this issue has been publicly disclosed.

Recommendations Versions prior to 1.0 should be updated. As a temporary workaround, consider restricting access to the /view result.php file to minimize the risk of exploitation. Avoid manipulating the vr argument in the affected API endpoint until the issue is resolved.

Exploit

Correção

Code Injection

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94CWE-79

Identificadores relacionados

CVE-2026-3982

Produtos afetados

University Event Management System

PT-2026-24921 · Itsourcecode · University Event Management System

CVE-2026-3982

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10