PT-2026-27032 · Code Projects · Exam Form Submission

Sgwt

Published

2026-03-22

Updated

2026-03-23

CVE-2026-4557

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions code-projects Exam Form Submission version 1.0

Description A cross-site scripting issue exists in code-projects Exam Form Submission version 1.0. The issue is located in the file /admin/update s1.php. Manipulation of the sname argument can trigger the issue. The attack can be initiated remotely. The exploit is publicly available.

Recommendations Apply any available updates to address the issue in the /admin/update s1.php file. As a temporary workaround, sanitize the sname argument to prevent cross-site scripting. Restrict access to the /admin/update s1.php file to authorized personnel only.

Exploit

Fix

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2026-4557

Affected Products

Exam Form Submission

PT-2026-27032 · Code Projects · Exam Form Submission

CVE-2026-4557

Weakness Enumeration

Related Identifiers

Affected Products

References · 8