CVE-2026-1154 | SourceCodester E-Learning System 1.0 Lesson index.php Title/Description cross site scripting

Inserito da Angelo Barbosa | Gen 18, 2026 | CVE

A vulnerability was found in SourceCodester E-Learning System 1.0. It has been declared as problematic. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipulation of the argument Title/Description can lead to basic cross site scripting.

This vulnerability is handled as CVE-2026-1154. The attack can be executed remotely. Additionally, an exploit exists.

CVE-2026-1154 | SourceCodester E-Learning System 1.0 Lesson index.php Title/Description cross site scripting

Post correlati

CVE-2024-37568 | Authlib up to 1.3.0 Asymmetric Public Key jwt.decode Privilege Escalation (Issue 654)

CVE-2024-49779 | IBM OpenPages with Watson 8.3/9.0 Session ID Cookie cross-site request forgery

CVE-2025-26911 | Bowo System Dashboard Plugin up to 2.8.18 on WordPress exposure of sensitive system information to an unauthorized control sphere

CVE-2025-61413 | Piranha CMS 12.1 Markdown Block /manager/pages cross site scripting