A vulnerability described as problematic has been identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /subject.php. Such manipulation of the argument subject leads to cross site scripting.

This vulnerability is referenced as CVE-2026-15596. It is possible to launch the attack remotely. Furthermore, an exploit is available.