2026-03-09 09:02 | CVE-2026-3812 | VulDB
PUBLISHED | 5.2 | Application | CWE-79 | CWE-94 | x_freeware

itsourcecode Payroll Management System manage_employee_allowances.php cross site scripting

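A vulnerability was found in itsourcecode Payroll Management System 1.0. It affects an unknown function of the file /manage_employee_allowances.php. Manipulating the argument ID causes cross-site scripting. The attack can be carried out remotely. The exploit has been publicly disclosed and may be used. The record's CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) rates it 4.3 (Medium): no privileges are required, but a user must interact for the attack to succeed. None of the listed references is tagged as a patch or vendor advisory.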

Problem type

Affected products

itsourcecode

Payroll Management System

1.0 - AFFECTED

References

GitHub Security Advisories

GHSA-m4w9-9vch-mj8x

A vulnerability was determined in itsourcecode Payroll Management System 1.0. Affected is an...

https://github.com/advisories/GHSA-m4w9-9vch-mj8x

A vulnerability was found in itsourcecode Payroll Management System 1.0. It affects an unknown function of the file /manage_employee_allowances.php. Manipulating the argument ID causes cross-site scripting. The attack can be carried out remotely. The exploit has been publicly disclosed and may be used.

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-3812
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-3812",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-03-09T09:02:08.141Z",
    "dateReserved": "2026-03-08T16:24:34.768Z",
    "datePublished": "2026-03-09T09:02:08.141Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-03-09T09:02:08.141Z"
      },
      "title": "itsourcecode Payroll Management System manage_employee_allowances.php cross site scripting",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in itsourcecode Payroll Management System 1.0. Affected is an unknown function of the file /manage_employee_allowances.php. This manipulation of the argument ID causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized."
        }
      ],
      "affected": [
        {
          "vendor": "itsourcecode",
          "product": "Payroll Management System",
          "cpes": [
            "cpe:2.3:a:itsourcecode:payroll_management_system:*:*:*:*:*:*:*:*"
          ],
          "versions": [
            {
              "version": "1.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Cross Site Scripting",
              "cweId": "CWE-79",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Code Injection",
              "cweId": "CWE-94",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.349778",
          "name": "VDB-349778 | itsourcecode Payroll Management System manage_employee_allowances.php cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.349778",
          "name": "VDB-349778 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.769103",
          "name": "Submit #769103 | itsourcecode Payroll Management System V1.0 Cross Site Scripting",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/ltranquility/cve_submit/issues/10",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        },
        {
          "url": "https://itsourcecode.com/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "baseScore": 5
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-03-08T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-03-08T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-03-08T17:29:39.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "innocence3130 (VulDB User)",
          "type": "reporter"
        }
      ],
      "tags": [
        "x_freeware"
      ]
    }
  }
}