CVE-2021-29388

MEDIUM

SourceCodester Budget Management System 1.0 - Stored Cross-Site Scripting via Budget Title Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-29388. PoCs published by Jitendra Kumar Tripathi.

AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in Budget Management System 1.0 via the 'Budget title' parameter. The payload triggers when the page is reloaded or updated, allowing cookie theft or user redirection.

Description

A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via the vulnerable 'Budget Title' field.

Exploits (1)

exploitdb WORKING POC
by Jitendra Kumar Tripathi · text · webapps · php
https://www.exploit-db.com/exploits/49723

Classification
Working PoC: 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Budget Management System 1.0
Auth required
Prerequisites: Access to the Budget Management System · Ability to input a malicious budget title
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/49723

Scores

CVSS v3: 5.4
EPSS: 0.0048
EPSS Percentile: 37.8%
Attack Vector: NETWORK
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): budget_management_system_project/budget_management_system 1.0
Published: Apr 28, 2021
Tracked Since: Feb 18, 2026