A vulnerability, which was classified as problematic, has been found in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /CYS.php. This manipulation of the argument course causes cross site scripting.

This vulnerability is tracked as CVE-2026-16202. The attack is possible to be carried out remotely. Moreover, an exploit is present.