PatchSiren cyber security CVE debrief
CVE-2026-10810 itsourcecode CVE debrief
A weakness has been identified in itsourcecode Fees Management System up to 1.0. Affected is an unknown function of the file /navbar.php. Manipulating the argument page causes cross-site scripting. The attack can be carried out remotely. The exploit has been made available to the public and could be used for attacks.
- Vendor: itsourcecode
- Product: Fees Management System
- CVSS: LOW 2.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-04
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-04
Who should care
Users of itsourcecode Fees Management System up to 1.0
Technical summary
The vulnerability has been identified in the itsourcecode Fees Management System up to version 1.0. The issue lies in an unknown function of the file /navbar.php, where manipulation of the 'page' argument leads to cross-site scripting (XSS). The attack can be carried out remotely.
Defensive priority
Low
Recommended defensive actions
- Apply patches or updates provided by the vendor, if available.
- Implement input validation and output encoding to prevent cross-site scripting (XSS) attacks.
- Use a web application firewall (WAF) to detect and prevent XSS attacks.
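The input validation and output encoding recommended above, sketched for a navbar that takes a 'page' argument. This is an added example, not code from the vendor or from the affected /navbar.php, whose contents are not shown in this advisory; the allow-listed page names, the index.php link target and every function name are assumptions. It requires PHP 8.0 or later.

```php
<?php
// Added illustration, not the Fees Management System source. The advisory names
// only /navbar.php and the 'page' argument; the page names in ALLOWED_PAGES and
// all function names here are assumptions.
declare(strict_types=1);

const ALLOWED_PAGES = ['dashboard', 'students', 'fees', 'reports']; // hypothetical

// Input validation: accept only known page names, fall back to a default.
function resolve_page(mixed $raw): string
{
    // ?page[]=x reaches PHP as an array, so reject anything that is not a string.
    if (!is_string($raw)) {
        return ALLOWED_PAGES[0];
    }
    return in_array($raw, ALLOWED_PAGES, true) ? $raw : ALLOWED_PAGES[0];
}

// Output encoding for HTML text and quoted attribute values.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_navbar(mixed $rawPage): string
{
    $current = resolve_page($rawPage);
    $html = "<ul class=\"nav\">\n";
    foreach (ALLOWED_PAGES as $name) {
        $active = $name === $current ? ' class="active"' : '';
        $href = 'index.php?' . http_build_query(['page' => $name]);
        $html .= sprintf("  <li%s><a href=\"%s\">%s</a></li>\n", $active, e($href), e(ucfirst($name)));
    }
    // Encode at the point of output even though the value was validated above.
    return $html . "</ul>\n<h1>" . e(ucfirst($current)) . "</h1>\n";
}

// Constructed inputs: a valid name, a string carrying markup, and an array.
if (PHP_SAPI === 'cli') {
    foreach (['fees', '"><b>x</b>', ['x']] as $input) {
        echo render_navbar($input), "\n";
    }
}
```

In a request handler the call would be `echo render_navbar($_GET['page'] ?? null);`. Only the first constructed input selects a non-default page; the other two fall back to the default and no part of them reaches the output.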
Evidence notes
The CVE-2026-10810 vulnerability has been identified in the itsourcecode Fees Management System up to version 1.0. The vulnerability is caused by improper input validation in the /navbar.php file, which allows for cross-site scripting (XSS) attacks.
Official resources
CVE-2026-10810 was published on 2026-06-04T14:16:37.400Z and modified on 2026-06-04T14:41:25.017Z.