A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /forCYS.php. Such manipulation of the argument course leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used.
Exploit
CVE-2026-16203
NVD
Refer to CVE-2026-16203 NVD advisory