CVE-2023-36159

MEDIUM

Sourcecodester Lost and Found Info Sys 1.0 - XSS

Title source: llm

Description

Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page.

Exploits (1)

nomisec WRITEUP

by unknown00759 · poc

https://github.com/unknown00759/CVE-2023-36159

View Code ZIP pw:eip

References (3)

Core 3

Core References

Various Sources

https://cyberredteam.tech/posts/cve-2023-36159/

Not Applicable

http://lost.com

Product

https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html

Scores

CVSS v3 6.1

EPSS 0.0012

EPSS Percentile 30.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

oretnom23/lost_and_found_information_system 1.0

Published Aug 04, 2023

Tracked Since Feb 18, 2026