QwikSec

Security Database

CVE

CWE

Training

CVE-2026-2201

Published: Feb 9, 2026

Modified: Feb 23, 2026

PUBLISHED

CVSS v3.1

2.4

LOW

Description

A security vulnerability has been detected in ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9. This impacts the function addLeave of the file src/main/java/com/wdd/studentmanager/controller/LeaveController.java. The manipulation of the argument Reason for Leave leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The code repository of the project has not been active for many years.

Vendor	Product	Versions
ZeroWdd	studentmanager	affected `2151560fc0a50ec00426785ec1e01a3763b380d9`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

VDB-344904 | ZeroWdd studentmanager LeaveController.java addLeave cross site scripting

vdb-entry

technical-description

VDB-344904 | CTI Indicators (IOB, IOC, TTP, IOA)

signature

permissions-required

Submit #750217 | https://github.com/ZeroWdd/studentmanager/ https://github.com/ZeroWdd/studentmanager/issues 1.0 Improper Neutralization of Input During Web Page Generation

third-party-advisory

https://www.yuque.com/clockw1se/lts9x9/mxgrzspnzmpxu7e7

exploit

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.