{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3983", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-11T14:33:24.756Z", "datePublished": "2026-03-12T05:02:07.821Z", "dateUpdated": "2026-03-12T14:37:50.928Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-12T05:02:07.821Z"}, "title": "Campcodes Division Regional Athletic Meet Game Result Matrix System save-games.php cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "Cross Site Scripting"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}], "affected": [{"vendor": "Campcodes", "product": "Division Regional Athletic Meet Game Result Matrix System", "versions": [{"version": "2.1", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the file save-games.php. The manipulation of the argument game_name results in cross site scripting. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-11T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-11T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-11T15:38:34.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Laney (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.350419", "name": "VDB-350419 | Campcodes Division Regional Athletic Meet Game Result Matrix System save-games.php cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.350419", "name": "VDB-350419 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.769720", "name": "Submit #769720 | campcodes Division/Regional Athletic Meet Game Result Matrix System v2.1 Cross Site Scripting", "tags": ["third-party-advisory"]}, {"url": "https://github.com/LaneyYu/cve/issues/10", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.campcodes.com/", "tags": ["product"]}], "tags": ["x_freeware"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-12T14:37:31.462271Z", "id": "CVE-2026-3983", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T14:37:50.928Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3983", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-12T14:37:31.462271Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T14:37:46.024Z"}}], "cna": {"tags": ["x_freeware"], "title": "Campcodes Division Regional Athletic Meet Game Result Matrix System save-games.php cross site scripting", "credits": [{"lang": "en", "type": "reporter", "value": "Laney (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Campcodes", "product": "Division Regional Athletic Meet Game Result Matrix System", "versions": [{"status": "affected", "version": "2.1"}]}], "timeline": [{"lang": "en", "time": "2026-03-11T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-11T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-11T15:38:34.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.350419", "name": "VDB-350419 | Campcodes Division Regional Athletic Meet Game Result Matrix System save-games.php cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.350419", "name": "VDB-350419 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.769720", "name": "Submit #769720 | campcodes Division/Regional Athletic Meet Game Result Matrix System v2.1 Cross Site Scripting", "tags": ["third-party-advisory"]}, {"url": "https://github.com/LaneyYu/cve/issues/10", "tags": ["exploit", "issue-tracking"]}, {"url": "https://www.campcodes.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the file save-games.php. The manipulation of the argument game_name results in cross site scripting. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Cross Site Scripting"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-12T05:02:07.821Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3983", "state": "PUBLISHED", "dateUpdated": "2026-03-12T14:37:50.928Z", "dateReserved": "2026-03-11T14:33:24.756Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-12T05:02:07.821Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the file save-games.php. The manipulation of the argument game_name results in cross site scripting. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks."}, {"lang": "es", "value": "Una falla de seguridad ha sido descubierta en Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. Esto afecta una parte desconocida del archivo save-games.PHP. La manipulaci\u00f3n del argumento game_name resulta en cross-site scripting. El ataque puede ser realizado de forma remota. El exploit ha sido publicado y puede ser utilizado para ataques."}], "id": "CVE-2026-3983", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-12T06:16:30.743", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/LaneyYu/cve/issues/10"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.350419"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.350419"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.769720"}, {"source": "cna@vuldb.com", "url": "https://www.campcodes.com/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Division Regional Athletic Meet Game Result Matrix System", "source": "cna", "vendor": "Campcodes"}, "product": "division_regional_athletic_meet_game_result_matrix_system", "vendor": "campcodes"}], "analysis": {"en": {"generated_at": "2026-04-16T02:48:52.412623+00:00", "value": {"mitigation_remediation": ["Update the application to a patched release that removes the vulnerable code in save\u2011games.php", "Sanitize the game_name input by validating or encoding the data before it is rendered in the browser", "Deploy a Web Application Firewall rule that blocks script injection attempts targeting the game_name parameter"], "summary": {"action": "Immediate Patch", "impact": "Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "The affected application is Campcodes Division Regional Athletic Meet Game Result Matrix System, version 2.1. The vulnerability resides in an unknown section of the file save\u2011games.php; a security patch is required to remove the attack surface.", "description_and_impact": "The flaw in save\u2011games.php permits attackers to inject malicious scripts through the game_name argument. This leads to cross\u2011site scripting, which can be used to hijack user sessions, deface content, or execute further client\u2011side attacks. The CVE notes that the exploit has been publicly released and attackers can trigger it from remote hosts.", "risk_and_exploitability": "The base exploit score of 5.1 reflects a moderate impact. The EPSS score of less than 1\u202f% suggests low current exploitation likelihood, but the vulnerability is publicly known and may be leveraged arbitrarily. The attack vector is inferred to be network\u2011based, with the threat of remote exploitation."}}}}, "created": "2026-03-13T09:53:34.233748+00:00", "updated": "2026-04-16T03:00:09.180480+00:00", "vendors": ["campcodes", "campcodes$PRODUCT$division_regional_athletic_meet_game_result_matrix_system"]}