CVE-2020-35752

MEDIUM

Baby Care System 1.0 - Stored Cross-Site Scripting via Post Title Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-35752. PoCs published by Hardik Solanki.

AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in Baby Care System 1.0, where an attacker can inject malicious JavaScript into the 'Post title' parameter. The payload executes when other users view the post, potentially stealing cookies.

Description

Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter.

Exploits (1)

exploitdb · Working PoC
by Hardik Solanki · text · webapps · php
https://www.exploit-db.com/exploits/49358

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Baby Care System 1.0
Auth required
Prerequisites: Valid user credentials · Access to the 'Post' tab
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 5.4
EPSS 0.0089
EPSS Percentile 54.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1)
janobe/baby_care_system 1.0
Published Mar 10, 2021
Tracked Since Feb 18, 2026