CVE-2026-3982

LOW EPSS 18.4%

Published Mar 12, 20263mo ago · Modified Apr 29, 20262mo ago

2.1 CVSS 4.0

Low

Published Mar 12, 2026 3mo ago

Last Modified Apr 29, 2026 2mo ago

Description

A vulnerability was determined in itsourcecode University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_result.php. Executing a manipulation of the argument vr can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

CVSS Details

Base Score

2.1

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction P

Scope X

Threat Intelligence

EPSS Exploit Probability

18.4% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-79 Cross-site Scripting Injection

CWE-94 Improper Control of Generation of Code (Code Injection) Injection

References 5

github.com https://github.com/PIPIzzz1/aaa/issues/1
itsourcecode.com https://itsourcecode.com/
vuldb.com https://vuldb.com/?ctiid.350417
vuldb.com https://vuldb.com/?id.350417
vuldb.com https://vuldb.com/?submit.769668

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.