Cross-Site Scripting Vulnerability in SourceCodester Online Quiz System
CVE-2026-4973

5.1MEDIUM

Key Information:

Vendor: Sourcecodester
Status: Online Quiz System
Vendor: CVE Published:; 27 March 2026

🔔 Create Sourcecodester Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-4973?

A cross-site scripting vulnerability exists in the SourceCodester Online Quiz System, specifically within the add-question.php file. This vulnerability allows attackers to manipulate the quiz_question parameter, enabling them to inject malicious scripts. The remote exploitation potential of this vulnerability poses significant risks to users, as it can allow attackers to execute arbitrary script code in the context of the affected user’s browser.

Affected Version(s)

Online Quiz System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-4973 - Proof of Concept