CVE-2026-4578

Name of the Vulnerable Software and Affected Versions code-projects Exam Form Submission version 1.0

Description A cross-site scripting issue exists in code-projects Exam Form Submission 1.0. The issue is related to manipulating the sname argument of an unknown function within the /admin/update s3.php file. This manipulation can lead to cross-site scripting, and the attack can be launched remotely. The exploit has been publicly disclosed.

Recommendations Update to a newer version of code-projects Exam Form Submission that addresses this issue. As a temporary workaround, restrict access to the /admin/update s3.php file to minimize the risk of exploitation. Avoid using the sname parameter in the affected file until the issue is resolved.