CVE-2026-4973 MEDIUM

CVE-2026-4973: SourceCodester Online Quiz System add-question.php cross site scripting

Vendor Sourcecodester

Product Online Quiz System

Weakness CWE-79 · XSS

Published March 27, 2026

Last update March 30, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation of the argument quiz_question results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used.

Key dates

Disclosure timeline

March 27, 2026 CVE published

March 30, 2026 Record updated