CVE-2020-29239

MEDIUM

Online Birth Certificate System Project V 1.0 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-29239. PoCs published by Sagar Banwa.

AI-analyzed exploit summary This exploit demonstrates a persistent XSS vulnerability in the 'Online Voting System Project in PHP' by injecting a malicious script into the 'username' field during registration. The payload is executed when the user logs in, confirming the vulnerability.

Description

Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel, the attacker can able to steal the cookie according to the crafted payload.

Exploits (1)

exploitdb WORKING POC

by Sagar Banwa · textwebappsmultiple

https://www.exploit-db.com/exploits/49159

View Code ZIP pw:eip

This exploit demonstrates a persistent XSS vulnerability in the 'Online Voting System Project in PHP' by injecting a malicious script into the 'username' field during registration. The payload is executed when the user logs in, confirming the vulnerability.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Online Voting System Project in PHP (version unspecified)

No auth needed

Prerequisites: Access to the registration page of the vulnerable application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/49159

Scores

CVSS v3 6.1

EPSS 0.0046

EPSS Percentile 36.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

janobe/online_voting_system 1.0

Published Dec 02, 2020

Tracked Since Feb 18, 2026