CVE-2026-12176

4.3 MEDIUM

A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0

Published: 2026-06-14 · Last updated: 2026-06-14

Severity and scoring

CVSS: 4.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CWE: CWE-79, CWE-94

Description

A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The impacted element is an unknown function of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-12176
[Other]https://vuldb.com/cve/CVE-2026-12176
[Other]https://vuldb.com/submit/837732
[Other]https://vuldb.com/vuln/370818
[Other]https://vuldb.com/vuln/370818/cti
[Other]https://www.sourcecodester.com/

Related CVEs

Same CWE

CVE-2026-5513 — The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '... (7.2 HIGH)
CVE-2026-9629 — The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including... (6.4 MEDIUM)
CVE-2026-3297 — The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Anc... (6.4 MEDIUM)
CVE-2026-9134 — The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attribute_key' shortcode parameter in ve... (6.4 MEDIUM)
CVE-2026-9109 — The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulnerable to Store... (7.2 HIGH)