{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4972", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-27T08:54:26.957Z", "datePublished": "2026-03-27T19:15:22.568Z", "dateUpdated": "2026-03-27T22:17:39.404Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-27T22:17:39.404Z"}, "title": "code-projects Online Reviewer System btn_functions.php cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "Cross Site Scripting"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}], "affected": [{"vendor": "code-projects", "product": "Online Reviewer System", "versions": [{"version": "1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btn_functions.php. Such manipulation of the argument Description leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 2.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 2.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 3.3, "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-27T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-27T09:59:31.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "AhmadMarzook (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.353859", "name": "VDB-353859 | code-projects Online Reviewer System btn_functions.php cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.353859", "name": "VDB-353859 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.778031", "name": "Submit #778031 | code-projects Online Reviewer System In PHP 1.0 Cross Site Scripting", "tags": ["third-party-advisory"]}, {"url": "https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Stored%20Cross-Site%20Scripting%20(XSS)%20in%20Online%20Reviewer%20System%20PHP%20description%20Parameter.md", "tags": ["exploit"]}, {"url": "https://code-projects.org/", "tags": ["product"]}], "tags": ["x_freeware"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T19:31:07.199487Z", "id": "CVE-2026-4972", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T19:31:20.737Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btn_functions.php. Such manipulation of the argument Description leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data."}], "id": "CVE-2026-4972", "lastModified": "2026-03-27T20:16:38.003", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-27T20:16:38.003", "references": [{"source": "cna@vuldb.com", "url": "https://code-projects.org/"}, {"source": "cna@vuldb.com", "url": "https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Stored%20Cross-Site%20Scripting%20(XSS)%20in%20Online%20Reviewer%20System%20PHP%20description%20Parameter.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.353859"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.353859"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.778031"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-27T20:23:02.280255+00:00", "value": {"mitigation_remediation": ["Check the vendor\u2019s website or repository for an official patch or updated version of Online Reviewer System newer than 1.0 and apply it immediately", "If no patch is available, review and modify the application code that processes the Description parameter to enforce strict output encoding or input sanitization before rendering it in the browser", "Add server\u2011side validation to reject or strip out disallowed script tags and JavaScript event handlers from the Description field", "Implement a web application firewall rule or CSP header that restricts executable scripts to trusted sources as an additional defense"], "summary": {"action": "Apply patch", "impact": "Cross\u2011Site Scripting that can lead to arbitrary client\u2011side script execution"}, "threat_synthesis": {"affected_systems": "The system is the code\u2011projects Online Reviewer System, versions up to 1.0. No additional patch or version information is supplied, and the vulnerability description indicates that the issue exists in the btn_functions.php endpoint that handles the Description parameter. Users running any version of the platform prior to 1.0 are potentially exposed.", "description_and_impact": "The Online Reviewer System contains a critical cross\u2011site scripting flaw that can be triggered by manipulating the Description argument in the btn_functions.php file. The vulnerability is a CWE\u201179 type flaw that allows an attacker to inject malicious JavaScript into pages served to users, potentially enabling session hijacking, credential theft, or malicious defacement. While the vendor marks affected versions up to 1.0, no further mitigation is present in the code base, leaving the application vulnerable to script injection whenever the Description field is displayed without proper encoding.", "risk_and_exploitability": "The CVSS score of 4.8 indicates moderate severity. The EPSS value is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting it may not be widely exploited yet. However, the description confirms that the flaw can be exploited remotely, meaning an attacker can deliver malicious payloads simply by triggering the vulnerable endpoint from a web browser. Because the vulnerability hinges on unsanitized input, no special conditions are required beyond user interaction with the affected page. The risk therefore stems from the fact that an attacker can covertly inject code that runs in the victim\u2019s browser whenever that page is viewed, presenting a tangible threat to confidentiality and integrity of the client session."}}}}, "created": "2026-03-27T20:27:37.408176+00:00", "updated": "2026-03-27T20:27:37.408201+00:00", "vendors": []}