CVE-2026-4356 PUBLISHED

A flaw has been found in itsourcecode University Management System 1.0. Affected is an unknown function of the file /add_result.php. Executing a manipulation of the argument vr can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used.

• sulvant (VulDB User) reporter

• VDB-351395 | itsourcecode University Management System add_result.php cross site scripting
• VDB-351395 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #772854 | itsourcecode University Management System V1.0 cross site scripting
• https://github.com/sulvant/Security/issues/2
• https://itsourcecode.com/

• Cross Site Scripting CWE
• Code Injection CWE