CVE-2026-4849

MEDIUM

code-projects Simple Laundry System Parameter modify.php cross site scripting

Title source: cna

Description

A vulnerability was identified in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /modify.php of the component Parameter Handler. The manipulation of the argument firstName leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used.

References (5)

[Vdb Entry, Technical Description] https://vuldb.com/?id.353154

[Signature, Permissions Required] https://vuldb.com/?ctiid.353154

[Third Party Advisory] https://vuldb.com/?submit.776183

[Exploit] https://github.com/kbloow/CVE/issues/2

[Product] https://code-projects.org/

Scores

CVSS v3 4.3

EPSS 0.0003

EPSS Percentile 9.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-79 CWE-94

Status published

Products (2)

code-projects/Simple Laundry System 1.0

code-projects/simple_laundry_system 1.0

Published Mar 26, 2026

Tracked Since Mar 26, 2026