CVE-2021-46068

MEDIUM NUCLEI

Vehicle Service Management System 1.0 - XSS

Exploitation Summary

EIP tracks 3 public exploits for CVE-2021-46068. PoCs published by sanupl, plsanu. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository provides a functional proof-of-concept for a stored XSS vulnerability in Vehicle Service Management System 1.0. The exploit involves injecting a malicious script into the 'My Account' section, which executes when the page is loaded.

Description

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel.

Exploits (3)

nomisec WORKING POC 1 star
by sanupl · poc
https://github.com/sanupl/CVE-2021-46068

This repository provides a functional proof-of-concept for a stored XSS vulnerability in Vehicle Service Management System 1.0. The exploit involves injecting a malicious script into the 'My Account' section, which executes when the page is loaded.

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Vehicle Service Management System 1.0
Auth required
Prerequisites: Access to admin panel · Valid admin credentials
devstral-2 · analyzed May 19, 2026

nomisec WORKING POC
by sanupl · poc
https://github.com/sanupl/Vehicle-Service-Management-System-MyAccount-Stored-Cross-Site-Scripting-XSS

The repository provides a functional proof-of-concept for a stored XSS vulnerability in Vehicle Service Management System 1.0, demonstrating how an attacker can inject malicious JavaScript via the 'My Account' section.

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Vehicle Service Management System 1.0
Auth required
Prerequisites: admin access to the application
devstral-2 · analyzed May 19, 2026

nomisec WORKING POC
by plsanu · poc
https://github.com/plsanu/Vehicle-Service-Management-System-MyAccount-Stored-Cross-Site-Scripting-XSS

This repository contains a proof-of-concept for a stored XSS vulnerability in Vehicle Service Management System 1.0, where malicious JavaScript can be injected via the 'My Account' section. The payload is straightforward and demonstrates cookie theft via an alert.

Classification: Working PoC 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Vehicle Service Management System 1.0
Auth required
Prerequisites: Admin access to the Vehicle Service Management System
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Vehicle Service Management System - Stored Cross-Site Scripting
MEDIUM · VERIFIED · by TenBird

Scores

CVSS v3: 4.8
EPSS: 0.0274
EPSS Percentile: 84.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1)
vehicle_service_management_system_project/vehicle_service_management_system < 1.0
Published: Jan 06, 2022
Tracked Since: Feb 18, 2026