Code Projects · Online Student Management System · CVE-2026-2156
**Name of the Vulnerable Software and Affected Versions**
code-projects Online Student Management System version 1.0
**Description**
A flaw exists in the Announcement Management Module of code-projects Online Student Management System. This issue allows for cross site scripting through an unknown function within the file `/admin/announcement/index.php?view=add`. The attack can be carried out remotely, and an exploit has been publicly released.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.