Home / Vulnerability Intelligence / CVE-2026-37750

CVE-2026-37750 - Vulnerability Analysis

N/a

Last Updated: April 28, 2026

School Management System by mahmoudai1 - Reflected XSS

Published: April 28, 2026Updated: April 28, 2026PoC Available

Overview

School Management System by mahmoudai1 contains a reflected XSS caused by unsanitized "type" parameter in register.php, letting unauthenticated remote attackers execute arbitrary JavaScript in victim browsers.

Severity & Score

Severity: N/a

Impact

Unauthenticated attackers can execute arbitrary JavaScript in victim browsers, leading to session hijacking or phishing attacks.

Mitigation

Update to the latest version with input sanitization for the "type" parameter.

References

https://github.com/mahmoudai1/school-management-system
https://github.com/mahmoudai1/school-management-system/blob/main/register.php
https://github.com/menevarad007/CVE-2026-37750

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-37750
Severity: N/a
Type: reflected_xss
Status: new

CVSS Metrics

N/A