CVE-2026-4973

LOW 3.5

SourceCodester Online Quiz System add-question.php cross site scripting

CVSS Score

3.5

EPSS Score

0.0%

EPSS Percentile

9th

A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation of the argument quiz_question results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used.

CWE	CWE-79 CWE-94
Vendor	sourcecodester
Product	online quiz system
Published	Mar 27, 2026
Last Updated	Mar 30, 2026

Stay Ahead of the Next One

Get instant alerts for sourcecodester online quiz system

Be the first to know when new low vulnerabilities affecting sourcecodester online quiz system are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

SourceCodester / Online Quiz System

1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.353860 vuldb.com: https://vuldb.com/?ctiid.353860 vuldb.com: https://vuldb.com/?submit.778101 gist.github.com: https://gist.github.com/Mohdanass/5992b65cca5612c036f1d31d8d8f0646 sourcecodester.com: https://www.sourcecodester.com/

Credits

🔍 Anas22335 (VulDB User)