CVE-2026-4577

Name of the Vulnerable Software and Affected Versions code-projects Exam Form Submission version 1.0

Description A cross-site scripting issue exists in code-projects Exam Form Submission 1.0. The issue is located in the file /admin/update s4.php and involves manipulation of the sname parameter. The attack can be initiated remotely. The exploit has been publicly released.

Recommendations Versions prior to 1.0 should be used. As a temporary workaround, consider restricting access to the /admin/update s4.php file to minimize the risk of exploitation.