CVE-2026-5643

Name of the Vulnerable Software and Affected Versions Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f

Description A cross-site scripting issue exists in the Admin Add Endpoint component, specifically within the file /admin/Add%20notice/notice.php. Manipulation of the $ SERVER['PHP SELF'] argument can lead to the execution of malicious scripts. The attack can be launched remotely. The exploit is publicly available.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.