Cross Site Scripting Vulnerability in SourceCodester CET Automated Grading System
CVE-2026-12176

5.3MEDIUM

Key Information:

Vendor

Sourcecodester
Status
Cet Automated Grading System With Ai Predictive Analytics
Vendor
CVE Published:
13 June 2026

What is CVE-2026-12176?

A vulnerability exists in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0, specifically in an undefined function within /index.php. This flaw allows attackers to manipulate the 'action' argument, which could lead to Cross Site Scripting (XSS) attacks. These attacks can be executed remotely, making this issue particularly concerning as it exposes users to potential data theft and malicious exploitation.

Affected Version(s)

CET Automated Grading System with AI Predictive Analytics 1.0

References

https://vuldb.com/vuln/370818
vdb-entrytechnical-description
https://vuldb.com/vuln/370818/cti
signaturepermissions-required
https://vuldb.com/cve/CVE-2026-12176
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Abhay mp (VulDB User)
VulDB Vulnerability Moderation Team
.