CVE-2021-29388

MEDIUM

Budget Management System - XSS

Title source: rule

Description

A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via vulnerable field 'Budget Title'.

Exploits (1)

exploitdb WORKING POC

by Jitendra Kumar Tripathi · textwebappsphp

https://www.exploit-db.com/exploits/49723

View Code ZIP pw:eip

References (2)

[Product] https://www.sourcecodester.com/php/14403/budget-management-system.html

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49723

Scores

CVSS v3 5.4

EPSS 0.0018

EPSS Percentile 39.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

budget_management_system_project/budget_management_system 1.0

Published Apr 28, 2021

Tracked Since Feb 18, 2026