CVE-2026-3412
Cross-Site Scripting in itsourcecode University Management System Remote
Publication date: 2026-03-02
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| angeljudesuarez | university_management_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-3412 is a cross-site scripting (XSS) vulnerability in itsourcecode University Management System version 1.0, specifically in the file /att_single_view.php. The vulnerability occurs because the 'dt' parameter is not properly validated or encoded before being output to the web page. This allows attackers to inject and execute arbitrary malicious scripts in the victim's browser."}, {'type': 'paragraph', 'content': "The root cause is insufficient validation and output encoding of the 'dt' parameter, which leads to the execution of attacker-controlled scripts when a user interacts with the vulnerable page."}] [1, 2, 3]
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': "Exploitation of this vulnerability allows attackers to execute arbitrary JavaScript code in the victim's browser remotely without requiring authentication."}, {'type': 'list_item', 'content': 'Steal sensitive information such as cookies and session tokens.'}, {'type': 'list_item', 'content': 'Perform unauthorized actions on behalf of the victim user.'}, {'type': 'list_item', 'content': 'Deface web pages or redirect users to malicious websites.'}, {'type': 'list_item', 'content': 'Potentially take control of the victimβs browser.'}] [1, 2, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking for the presence of the vulnerable file "/att_single_view.php" in the itsourcecode University Management System version 1.0 and testing the \'dt\' parameter for cross-site scripting (XSS) by injecting script payloads.'}, {'type': 'paragraph', 'content': "A practical detection method includes using a web browser or tools like curl or wget to send requests with XSS payloads in the 'dt' parameter and observing if the script executes or is reflected unencoded in the response."}, {'type': 'list_item', 'content': "Example test URL: http://[target]/ums/att_single_view.php?dt=<script>alert('XSS')</script>"}, {'type': 'list_item', 'content': 'Use curl command to test injection: curl -i "http://[target]/ums/att_single_view.php?dt=<script>alert(\'XSS\')</script>"'}, {'type': 'list_item', 'content': 'Use Google dorking to find potentially vulnerable targets: inurl:att_single_view.php'}] [2, 3]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'Immediate remediation steps to mitigate this XSS vulnerability include:'}, {'type': 'list_item', 'content': "Implement proper output encoding of the 'dt' parameter based on the context (HTML, JavaScript, CSS, URL) to prevent execution of injected scripts."}, {'type': 'list_item', 'content': 'Apply strict input validation and filtering to allow only expected formats and reject or sanitize potentially malicious content such as script tags.'}, {'type': 'list_item', 'content': 'Deploy a Content Security Policy (CSP) to restrict script sources and block unauthorized inline or external scripts.'}, {'type': 'list_item', 'content': 'Set HttpOnly and Secure flags on cookies to prevent JavaScript access and ensure cookies are transmitted only over HTTPS.'}, {'type': 'list_item', 'content': 'Conduct regular security audits and code reviews to detect and fix XSS and other vulnerabilities promptly.'}, {'type': 'paragraph', 'content': 'If possible, consider replacing the affected component with a secure alternative.'}] [1, 2, 3]