CVE-2021-46071

MEDIUM NUCLEI

Vehicle Service Management System 1.0 - XSS

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2021-46071. PoCs published by sanupl, plsanu. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository provides a detailed technical description of a Stored XSS vulnerability in Vehicle Service Management System 1.0, including the exploit steps and payload. It does not contain functional exploit code but offers a clear walkthrough of the vulnerability.

Description

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Category List Section in login panel.

Exploits (3)

nomisec WRITEUP 1 star
by sanupl · poc
https://github.com/sanupl/CVE-2021-46071

This repository provides a detailed technical description of a Stored XSS vulnerability in Vehicle Service Management System 1.0, including the exploit steps and payload. It does not contain functional exploit code but offers a clear walkthrough of the vulnerability.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Vehicle Service Management System 1.0
Auth required
Prerequisites: admin access to the application
devstral-2 · analyzed May 19, 2026
nomisec WORKING POC
by sanupl · poc
https://github.com/sanupl/Vehicle-Service-Management-System-Category-List-Stored-Cross-Site-Scripting-XSS

This repository provides a functional proof-of-concept for a stored XSS vulnerability in Vehicle Service Management System 1.0. The exploit involves injecting a malicious script into the 'Category Name' field, which executes when saved and viewed.

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Vehicle Service Management System 1.0
Auth required
Prerequisites: admin access to the application
devstral-2 · analyzed May 19, 2026
nomisec WORKING POC
by plsanu · poc
https://github.com/plsanu/Vehicle-Service-Management-System-Category-List-Stored-Cross-Site-Scripting-XSS

This repository contains a proof-of-concept for a stored XSS vulnerability in Vehicle Service Management System 1.0, where an attacker can inject malicious JavaScript code via the Category Name input field in the admin panel.

Classification: Working PoC 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Vehicle Service Management System 1.0
Auth required
Prerequisites: Access to admin panel · Valid admin credentials
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Vehicle Service Management System 1.0 - Cross-Site Scripting
MEDIUM · VERIFIED · by TenBird

Scores

CVSS v3 4.8
EPSS 0.0274
EPSS Percentile 84.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status published
Products (1)
vehicle_service_management_system_project/vehicle_service_management_system < 1.0
Published Jan 06, 2022
Tracked Since Feb 18, 2026