CVE-2026-37750

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Apr 28, 2026

Vendor unknown

Description

A reflected Cross-Site Scripting (XSS) vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim's browsers via the unsanitized type parameter in register.php.

References

https://github.com/mahmoudai1/school-management-system
https://github.com/mahmoudai1/school-management-system/blob/main/register.php
https://github.com/menevarad007/CVE-2026-37750