Cross-Site Scripting Vulnerability in Cyber-III Student-Management-System
CVE-2026-5668

4.8MEDIUM

Key Information:

Vendor: Cyber-iii
Status: Student-management-system
Vendor: CVE Published:; 6 April 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-5668?

A security flaw has been identified in the Cyber-III Student-Management-System, which impacts the /admin/Add%20notice/add%20notice.php file. This vulnerability arises from improper handling of the $_SERVER['PHP_SELF'] parameter, allowing a potential attacker to exploit cross-site scripting (XSS) vulnerabilities remotely. Despite the project maintainers being notified early about the issue, there has been no responsive action taken. The product uses a rolling release model, making it difficult to ascertain the extent of affected versions or the schedule for updates.

Affected Version(s)

Student-Management-System 1a938fa61e9f735078e9b291d2e6215b4942af3f

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-5668 - Proof of Concept

References

https://vuldb.com/vuln/355490

vdb-entrytechnical-description

https://vuldb.com/vuln/355490/cti

signaturepermissions-required

https://vuldb.com/submit/785895

third-party-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Apr 6, 2026
👾
Exploit known to exist
Apr 6, 2026
Vulnerability published
Apr 6, 2026
Vulnerability Reserved
Apr 6, 2026

Credit

saberhcx (VulDB User)

VulDB CNA Team

CVE-2026-5668 Data

JSON

Cyber-iii

Badges

What is CVE-2026-5668?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V4

Timeline

Credit