CVE-2026-6034
MEDIUMcode-projects Vehicle Showroom Management System ProfitAndLossReport.php cross site scripting
Title source: cnaDescription
A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /BranchManagement/ProfitAndLossReport.php. Executing a manipulation of the argument BRANCH_ID can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used.
Scores
CVSS v3
4.3
EPSS
0.0003
EPSS Percentile
10.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-79
CWE-94
Status
published
Products (1)
code-projects/Vehicle Showroom Management System
1.0
Published
Apr 10, 2026
Tracked Since
Apr 10, 2026