PT-2026-7045 · Unknown · Zerowdd Studentmanager

Clock12138 · Published 2026-02-09 · Updated 2026-03-05 · CVE-2026-2201

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

ZeroWdd studentmanager versions prior to 2151560fc0a50ec00426785ec1e01a3763b380d9

Description

A security issue exists in ZeroWdd studentmanager. The addLeave function in the src/main/java/com/wdd/studentmanager/controller/LeaveController.java file is susceptible to cross-site scripting through manipulation of the Reason for Leave argument. The attack can be initiated remotely. The exploit has been publicly disclosed. The product employs a rolling release model, so specific version details for updates are unavailable. The project's code repository is no longer actively maintained.

Recommendations

As a temporary workaround, consider disabling the addLeave() function until a fix is available. Sanitize the Reason for Leave input to prevent the injection of malicious scripts. Restrict access to the LeaveController.java file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Code Injection

XSS

Weakness Enumeration

Related Identifiers: CVE-2026-2201

Affected Products: Zerowdd Studentmanager