CVE-2026-4973 PUBLISHED

A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation of the argument quiz_question results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used.

• Anas22335 (VulDB User) reporter

• VDB-353860 | SourceCodester Online Quiz System add-question.php cross site scripting
• VDB-353860 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #778101 | SourceCodester Online Quiz System 1.0 Cross Site Scripting
• https://gist.github.com/Mohdanass/5992b65cca5612c036f1d31d8d8f0646
• https://www.sourcecodester.com/

• Cross Site Scripting CWE
• Code Injection CWE