ByteOS Network

NVD Vulnerability Details :

CVE-2026-37750

Deferred

Source-cve@mitre.org

Published At-28 Apr, 2026 | 22:16

Updated At-29 Apr, 2026 | 21:23

A reflected Cross-Site Scripting (XSS) vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim's browsers via the unsanitized type parameter in register.php.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Weaknesses

CWE ID	Type	Source
CWE-79	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-79

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://github.com/mahmoudai1/school-management-system	cve@mitre.org	N/A
https://github.com/mahmoudai1/school-management-system/blob/main/register.php	cve@mitre.org	N/A
https://github.com/menevarad007/CVE-2026-37750	cve@mitre.org	N/A
https://github.com/menevarad007/CVE-2026-37750	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A