CVE-2021-46078

MEDIUM

Sourcecodester Vehicle Service Mgmt 1.0 - XSS

Exploitation Summary

EIP tracks 3 public exploits for CVE-2021-46078. PoCs published by sanupl, plsanu.

AI-analyzed exploit summary: This repository provides a detailed technical writeup for CVE-2021-46078, a stored XSS vulnerability in Sourcecodester Vehicle Service Management System 1.0. It describes multiple attack vectors via unrestricted file uploads in different admin panel sections, including payload examples and exploitation steps.

Description

An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to a Stored Cross-Site Scripting vulnerability.

Exploits (3)

nomisec WRITEUP 1 star
by sanupl · poc
https://github.com/sanupl/CVE-2021-46078

This repository provides a detailed technical writeup for CVE-2021-46078, a stored XSS vulnerability in Sourcecodester Vehicle Service Management System 1.0. It describes multiple attack vectors via unrestricted file uploads in different admin panel sections, including payload examples and exploitation steps.

Classification: Writeup 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Sourcecodester Vehicle Service Management System 1.0
Auth required
Prerequisites: admin access to the target system · ability to upload files in the admin panel
devstral-2 · analyzed May 19, 2026

nomisec WORKING POC
by sanupl · poc
https://github.com/sanupl/Vehicle-Service-Management-System-Multiple-File-upload-Leads-to-Stored-Cross-Site-Scripting

The repository provides a functional proof-of-concept for CVE-2021-46078, demonstrating how an attacker can exploit unrestricted file upload vulnerabilities in the Vehicle Service Management System to achieve stored XSS via malicious HTML files uploaded through multiple endpoints.

Classification: Working PoC 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Sourcecodester Vehicle Service Management System 1.0
Auth required
Prerequisites: admin access to the Vehicle Service Management System · ability to upload files in specific sections (MyAccount, User List, Settings)
devstral-2 · analyzed May 19, 2026

nomisec WORKING POC
by plsanu · poc
https://github.com/plsanu/Vehicle-Service-Management-System-Multiple-File-upload-Leads-to-Stored-Cross-Site-Scripting

This repository contains a proof-of-concept for CVE-2021-46078, demonstrating multiple file upload vulnerabilities in the Vehicle Service Management System 1.0 that lead to stored XSS. The exploit involves uploading malicious HTML files disguised as images in various admin sections.

Classification: Working PoC 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Sourcecodester Vehicle Service Management System 1.0
Auth required
Prerequisites: Admin access to the Vehicle Service Management System
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 4.8
EPSS: 0.0126
EPSS Percentile: 65.8%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-434
Status: published
Products (1): vehicle_service_management_system_project/vehicle_service_management_system < 1.0
Published: Jan 06, 2022
Tracked Since: Feb 18, 2026