CVE-2026-5319

MEDIUM

itsourcecode Payroll Management System navbar.php cross site scripting

Title source: cna

Description

A security vulnerability has been detected in itsourcecode Payroll Management System up to 1.0. Affected is an unknown function of the file /navbar.php. Such manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

References (5)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/354651

[Signature, Permissions Required] https://vuldb.com/vuln/354651/cti

[Third Party Advisory] https://vuldb.com/submit/778613

[Exploit] https://github.com/ltranquility/submit/issues/5

[Product] https://itsourcecode.com/

Scores

CVSS v3 4.3

EPSS 0.0001

EPSS Percentile 1.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79 CWE-94

Status published

Products (1)

itsourcecode/Payroll Management System 1.0

Published Apr 02, 2026

Tracked Since Apr 02, 2026