Cross Site Scripting Vulnerability in Akpali9 Attendance-Management-System
CVE-2026-15493

5.1MEDIUM

Key Information:

Vendor

Akpali9

Vendor
CVE Published:
12 July 2026

What is CVE-2026-15493?

A cross site scripting vulnerability exists in the Akpali9 Attendance-Management-System, specifically related to the processing of the absent.php file. An attacker can exploit this flaw by manipulating the export_date argument, potentially executing arbitrary scripts in the context of the user's browser. This vulnerability allows for remote attacks, putting user data and session integrity at risk. As this product utilizes a rolling release model, specific version information is not made available, creating challenges for timely updates and mitigation strategies. Despite early notification, the vendor has not responded to address the security concern.

Affected Version(s)

Attendance-Management-System 70b91fe38f4195b701a45f0edcd4f42d5f64aeee

References

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dest1ny_2 (VulDB User)
VulDB CNA Team
.