Cross Site Scripting Vulnerability in Igweze Wizgrade Software
CVE-2026-15492

5.3MEDIUM

Key Information:

Vendor

Igweze

Status
Vendor
CVE Published:
12 July 2026

What is CVE-2026-15492?

A security flaw has been identified in the Igweze Wizgrade software, specifically in the dashboard/studentConductManager.php file, potentially allowing attackers to exploit the system via cross site scripting (XSS). This vulnerability can be triggered remotely, leading to unauthorized manipulation of web pages within the application. The software uses a rolling release system, meaning that specific version information for affected or patched releases is not readily available. Despite earlier notifications to the vendor regarding this issue, no response has been received.

Affected Version(s)

wizgrade b1d55f22b90cd7e7a6e5002f006d7c649e8086d6

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dest1ny_1 (VulDB User)
VulDB CNA Team
.