CVE-2023-36158

MEDIUM

Sourcecodester Toll Tax Mgmt 1.0 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-36158. PoCs published by unknown00759.

AI-analyzed exploit summary This repository contains a writeup describing a Cross-Site Scripting (XSS) vulnerability in the Toll Tax Management System 1.0. The vulnerability allows remote attackers to execute arbitrary code via the First Name and Last Name fields on the My Account page.

Description

Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page.

Exploits (1)

nomisec WRITEUP
by unknown00759 · poc
https://github.com/unknown00759/CVE-2023-36158

This repository contains a writeup describing a Cross-Site Scripting (XSS) vulnerability in the Toll Tax Management System 1.0. The vulnerability allows remote attackers to execute arbitrary code via the First Name and Last Name fields on the My Account page.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: sourcecodester Toll Tax Management System 1.0
Auth required
Prerequisites: Access to the My Account page · User interaction to trigger the XSS payload
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 6.1
EPSS 0.0062
EPSS Percentile 45.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
oretnom23/toll_tax_management_system 1.0
Published Aug 04, 2023
Tracked Since Feb 18, 2026