LeakyCreds

CVE-2026-7401 - Vulnerability Analysis

Medium | CVSS: 4.3

Last Updated: April 29, 2026

SourceCodester CET Automated Grading System with AI Predictive Analytics - Stored XSS

Published: April 29, 2026 | Updated: April 29, 2026 | PoC Available | Remote Exploitable

Overview

SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 contains a stored XSS vulnerability caused by manipulation of the student_id, full_name, section, or username parameters in /index.php?action=register, which lets remote attackers execute scripts. Exploitation requires no special privileges.

Severity & Score

Severity: Medium
CVSS Score: 4.3

Impact

Remote attackers can execute arbitrary scripts in users' browsers, potentially stealing session data or performing actions on behalf of users.

Mitigation

Update to the latest version or apply patches that sanitize user inputs in the registration component.
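
The following is an added example, not code from the affected project or from a vendor patch. It shows the two layers a fix for this class of bug needs: allow-list validation of the four registration parameters, and HTML encoding wherever a stored value is rendered. The field formats, function names and sample records are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Allow-list patterns for the four registration fields named in the advisory.
// The formats are assumptions for illustration; adjust to the real data model.
const FIELD_RULES = [
    'student_id' => '/\A[A-Za-z0-9-]{1,20}\z/',
    'full_name'  => '/\A[\p{L}\p{M} .\'-]{1,100}\z/u',
    'section'    => '/\A[A-Za-z0-9 -]{1,30}\z/',
    'username'   => '/\A[A-Za-z0-9_.]{3,32}\z/',
];

/** Returns the validated fields, or throws if any field is missing or malformed. */
function validate_registration(array $input): array
{
    $clean = [];
    foreach (FIELD_RULES as $field => $pattern) {
        $value = $input[$field] ?? null;
        if (!is_string($value) || preg_match($pattern, trim($value)) !== 1) {
            throw new InvalidArgumentException("Invalid value for {$field}");
        }
        $clean[$field] = trim($value);
    }
    return $clean;
}

/** HTML-encode a stored value at the point it is written into a page. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: one ordinary record, one carrying markup.
$samples = [
    ['student_id' => '2026-0147', 'full_name' => "Ana O'Neil", 'section' => 'BSIT 3A', 'username' => 'ana.oneil'],
    ['student_id' => '2026-0148', 'full_name' => '<script>alert(1)</script>', 'section' => 'BSIT 3A', 'username' => 'test'],
];

foreach ($samples as $row) {
    try {
        $record = validate_registration($row);
        // Encoding still happens on output, even for validated data.
        echo '<td>' . e($record['full_name']) . "</td>\n";
    } catch (InvalidArgumentException $ex) {
        echo 'rejected: ' . $ex->getMessage() . "\n";
    }
}

// Rows stored before validation existed are only neutralised by output encoding.
echo e($samples[1]['full_name']) . "\n";
```

Validation alone does not clean records that were already stored, so every template that prints these fields needs the encoding call as well.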

Details

CVE ID: CVE-2026-7401
Severity: Medium
CVSS Score: 4.3
Type: stored_xss
Status: rejected

CWE

  • CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N