CVE-2026-37750 | THREATINT

Description

A reflected Cross-Site Scripting (XSS) vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim's browsers via the unsanitized type parameter in register.php.

PUBLISHED Reserved 2026-04-06 | Published 2026-04-28 | Updated 2026-04-29 | Assigner mitre

References

github.com/menevarad007/CVE-2026-37750 exploit

github.com/mahmoudai1/school-management-system

github.com/...chool-management-system/blob/main/register.php

github.com/menevarad007/CVE-2026-37750

cve.org (CVE-2026-37750)

nvd.nist.gov (CVE-2026-37750)

Download JSON