Description
thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operating_system, system_owner, system_username, system_password, system_description, and server_name parameters to execute arbitrary JavaScript in victim browsers.
Exploits (1)
exploitdb
WORKING POC
by Anıl Baran Yelken · textwebappspython
https://www.exploit-db.com/exploits/47440
Scores
CVSS v3
6.4
EPSS
0.0003
EPSS Percentile
10.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
kostasmitroglou/thesystem
1.0.0
Published
Feb 11, 2026
Tracked Since
Feb 18, 2026