PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-16220 code-projects CVE debrief

A vulnerability has been found in code-projects Online Examination System 1.0. This vulnerability affects unknown code of the file /account.php?q=quiz. Such manipulation of the argument eid/n/t leads to cross site scripting. The attack can be launched remotely. Users of code-projects Online Examination System 1.0 should be aware of this cross site scripting vulnerability and take steps to mitigate it. The vulnerability is located in the /account.php?q=quiz file of code-projects Online Examination System 1.0.

Vendor
code-projects
Product
Online Examination System
CVSS
LOW 2.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-19
Original CVE updated
2026-07-19
Advisory published
2026-07-19
Advisory updated
2026-07-19

Who should care

Users of code-projects Online Examination System 1.0 should be aware of this cross site scripting vulnerability and take steps to mitigate it. This includes administrators, developers, and users who interact with the system.

Technical summary

The vulnerability is located in the /account.php?q=quiz file of code-projects Online Examination System 1.0. The eid, n, and t arguments are not properly sanitized, allowing for cross site scripting attacks. This could lead to unauthorized actions on behalf of the user. Users should verify affected scope and take steps to mitigate it, including reviewing compensating controls for exposed systems and checking relevant monitoring, detection, and logs for exposed assets that need extra review.

Defensive priority

Low priority due to CVSS score of 2.1. However, users should still take steps to mitigate the vulnerability.

Recommended defensive actions

  • Inventory and verify affected scope
  • Apply vendor remediation or compensating controls
  • Monitor for suspicious activity
  • Exception tracking and retest
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

Evidence is limited. Primary official records indicate a cross site scripting vulnerability in code-projects Online Examination System 1.0. The CVE record was published on 2026-07-19T07:16:49.687Z and has not been modified since then. The attack can be launched remotely. Users should verify affected scope and take steps to mitigate it.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-19T07:16:49.687Z and has not been modified since then.