imvks786 student_management_system add.php cross site scripting
CVE-2026-11534

5.1MEDIUM

Key Information:

Vendor

Imvks786

Status
Student Management System
Vendor
CVE Published:
8 June 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-11534?

A vulnerability was detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manipulation of the argument name/address/fname results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

Affected Version(s)

student_management_system 9599b560ad3c3b83e75d328b76bedcd489ef1f46

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-11534 - Proof of Concept

References

https://vuldb.com/vuln/369151
vdb-entrytechnical-description
https://vuldb.com/vuln/369151/cti
signaturepermissions-required
https://vuldb.com/cve/CVE-2026-11534
third-party-advisory

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Marry_2026 (VulDB User)
VulDB CNA Team
.