Home

Description

A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. This issue affects some unknown processing of the file absent.php. Performing a manipulation of the argument export_date results in cross site scripting. It is possible to initiate the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

PUBLISHED Reserved 2026-07-11 | Published 2026-07-12 | Updated 2026-07-12 | Assigner VulDB




MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X
LOW: 3.5CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R
LOW: 3.5CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R
4.0AV:N/AC:L/Au:S/C:N/I:P/A:N/E:ND/RL:ND/RC:UR

Problem types

Cross Site Scripting

Code Injection

Product status

70b91fe38f4195b701a45f0edcd4f42d5f64aeee
affected

Timeline

2026-07-11:Advisory disclosed
2026-07-11:VulDB entry created
2026-07-11:VulDB entry last update

Credits

Dest1ny_2 (VulDB User) reporter

VulDB CNA Team coordinator

References

vuldb.com/vuln/377800 (VDB-377800 | Akpali9 Attendance-Management-System absent.php cross site scripting) vdb-entry technical-description

vuldb.com/vuln/377800/cti (VDB-377800 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/cve/CVE-2026-15493 (CVE-2026-15493 | CVE Analysis and Report) third-party-advisory

vuldb.com/submit/844298 (Submit #844298 | Akpali9 Attendance-Management-System latest (2026-06, no formal release) Improper Neutralization of Alternate XSS Syntax) third-party-advisory

cve.org (CVE-2026-15493)

nvd.nist.gov (CVE-2026-15493)

Download JSON