LeakyCreds

CVE-2026-7222 - Vulnerability Analysis

Low | CVSS: 3.5

Last Updated: April 28, 2026

code-projects Coaching Management System - Stored XSS

Published: April 28, 2026 | Updated: April 28, 2026 | PoC Available | Remote Exploitable

Overview

code-projects Coaching Management System 1.0 contains a stored XSS vulnerability caused by manipulation of the "Complaint" argument in the Complaint Form Page, /cims/modules/student/complaint.php. It lets remote attackers execute scripts; exploitation requires no special privileges.

Severity & Score

Severity: Low
CVSS Score: 3.5

Impact

Remote attackers can execute scripts in users' browsers, potentially stealing cookies or performing actions on behalf of users.

Mitigation

Update to the latest version or apply patches that sanitize input in the Complaint Form Page.

Details

CVE ID: CVE-2026-7222
Severity: Low
CVSS Score: 3.5
Type: stored_xss
Status: new

CWE

  • CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N