CVE-2026-11534
LowCVSS 3.5Summary
A vulnerability was detected in the imvks786 student management system that allows for cross-site scripting (XSS) attacks through argument manipulation in the /add.php file. The attack can be executed remotely, and the exploit is now publicly available.
Risk Assessment
The organization is exposed to XSS attacks that could lead to user data theft or session hijacking. The lack of response from the project to the issue report increases the risk of this vulnerability being exploited.
Recommendation
It is recommended to immediately update the system to the latest version if available, and to monitor for any suspicious activity within the application. Additionally, consider implementing extra protections against XSS attacks.
Original NVD description (English source)
A vulnerability was detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manipulation of the argument name/address/fname results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

