CVE-2021-46074

MEDIUM

Sourcecodester Vehicle Service Mgmt 1.0 - XSS

Exploitation Summary

EIP tracks 3 public exploits for CVE-2021-46074. PoCs published by sanupl, plsanu.

Description

A Stored Cross-Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in the login panel.

Exploits (3)

nomisec WRITEUP 1 stars
by sanupl · poc
https://github.com/sanupl/CVE-2021-46074

This repository provides a detailed technical writeup for CVE-2021-46074, a stored XSS vulnerability in Sourcecodester Vehicle Service Management System 1.0. It includes the exploit steps, payload, and mitigation advice, demonstrating a clear understanding of the vulnerability.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Sourcecodester Vehicle Service Management System 1.0
Auth required
Prerequisites: Admin access to the target application
devstral-2 · analyzed May 19, 2026

nomisec WORKING POC
by sanupl · poc
https://github.com/sanupl/Vehicle-Service-Management-System-Settings-Stored-Cross-Site-Scripting-XSS

This repository provides a functional proof-of-concept for a stored XSS vulnerability in Sourcecodester Vehicle Service Management System 1.0. The exploit involves injecting malicious JavaScript into the 'Settings' section, which executes when the payload is saved and rendered.

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Sourcecodester Vehicle Service Management System 1.0
Auth required
Prerequisites: Admin access to the Vehicle Service Management System · Ability to navigate to the Settings section
devstral-2 · analyzed May 19, 2026

nomisec WRITEUP
by plsanu · poc
https://github.com/plsanu/Vehicle-Service-Management-System-Settings-Stored-Cross-Site-Scripting-XSS

This repository contains a writeup for CVE-2021-46074, a stored XSS vulnerability in Sourcecodester Vehicle Service Management System 1.0. The exploit involves injecting a malicious script into the Settings Section input fields, which executes when updated.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Sourcecodester Vehicle Service Management System 1.0
Auth required
Prerequisites: Admin access to the Vehicle Service Management System
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 4.8
EPSS: 0.0114
EPSS Percentile: 62.5%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): vehicle_service_management_system_project/vehicle_service_management_system < 1.0
Published: Jan 06, 2022
Tracked Since: Feb 18, 2026