CVE-2026-6032

MEDIUM

code-projects Simple Laundry System checkcheckout.php cross site scripting

Title source: cna

Description

A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkcheckout.php. Performing a manipulation of the argument serviceId results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

References (5)

[Vdb Entry, Technical Description] https://vuldb.com/vuln/356608

[Signature, Permissions Required] https://vuldb.com/vuln/356608/cti

[Third Party Advisory] https://vuldb.com/submit/795487

[Exploit] https://github.com/GeekShuo/None/issues/1

[Product] https://code-projects.org/

Scores

CVSS v3 4.3

EPSS 0.0003

EPSS Percentile 10.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-79 CWE-94

Status published

Products (1)

code-projects/Simple Laundry System 1.0

Published Apr 10, 2026

Tracked Since Apr 10, 2026