CVE-2023-36159

MEDIUM

Sourcecodester Lost and Found Info Sys 1.0 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-36159. PoCs published by unknown00759.

AI-analyzed exploit summary This repository contains a writeup describing a Cross-Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0. The vulnerability allows remote attackers to execute arbitrary code via the First Name, Middle Name, and Last Name fields on the Create User page.

Description

Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page.

Exploits (1)

nomisec WRITEUP
by unknown00759 · poc
https://github.com/unknown00759/CVE-2023-36159

This repository contains a writeup describing a Cross-Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0. The vulnerability allows remote attackers to execute arbitrary code via the First Name, Middle Name, and Last Name fields on the Create User page.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: sourcecodester Lost and Found Information System 1.0
No auth needed
Prerequisites: Access to the Create User page
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Scores

CVSS v3 6.1
EPSS 0.0051
EPSS Percentile 39.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
oretnom23/lost_and_found_information_system 1.0
Published Aug 04, 2023
Tracked Since Feb 18, 2026