CVE-2021-46005
MEDIUM NUCLEISourcecodester Car Rental Management System 1.0 - XSS
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2021-46005. PoCs published by Naved Shaikh. A Nuclei detection template is also available.
AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Online Car Rental System 1.0 by injecting a malicious script into the 'vehicalorcview' parameter, which executes when the page is viewed.
Description
Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via vehicalorcview parameter.
Exploits (1)
exploitdb
WORKING POC
by Naved Shaikh · textwebappsphp
https://www.exploit-db.com/exploits/49546
This exploit demonstrates a stored XSS vulnerability in Online Car Rental System 1.0 by injecting a malicious script into the 'vehicalorcview' parameter, which executes when the page is viewed.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Online Car Rental System 1.0
Auth required
Prerequisites:
Access to the admin panel · Valid session cookie
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Nuclei Templates (1)
Sourcecodester Car Rental Management System 1.0 - Stored Cross-Site Scripting
MEDIUMby cckuailong
Shodan:
http.html:"car rental management system"
FOFA:
body="car rental management system"
References (2)
Core 2
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/49546
Product x_refsource_misc
https://www.sourcecodester.com/cc/14145/online-car-rental-system-using-phpmysql.html
Scores
CVSS v3
5.4
EPSS
0.0291
EPSS Percentile
85.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
car_rental_management_system_project/car_rental_management_system
1.0
Published
Jan 18, 2022
Tracked Since
Feb 18, 2026