code-projects Simple Laundry System Parameter modify.php cross site scripting

A vulnerability was identified in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /modify.php of the component Parameter Handler. The manipulation of the argument firstName leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used.

Problem type

Affected products

code-projects

Simple Laundry System

1.0 - AFFECTED

References

VDB-353154 | code-projects Simple Laundry System Parameter modify.php cross site scripting

https://vuldb.com/?id.353154

vdb-entrytechnical-description

VDB-353154 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/?ctiid.353154

signaturepermissions-required

Submit #776183 | code-projects Simple Laundry System V1.0 cross site scripting

https://vuldb.com/?submit.776183

third-party-advisory

github.com

https://github.com/kbloow/CVE/issues/2

exploitissue-tracking

code-projects.org

https://code-projects.org/

product

GitHub Security Advisories

GHSA-wgxm-cpjf-429r

A vulnerability was identified in code-projects Simple Laundry System 1.0. This impacts an...

https://github.com/advisories/GHSA-wgxm-cpjf-429r

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-4849

github.com

https://github.com/kbloow/CVE/issues/2

code-projects.org

https://code-projects.org

vuldb.com

https://vuldb.com/?ctiid.353154

vuldb.com

https://vuldb.com/?id.353154

vuldb.com

https://vuldb.com/?submit.776183

github.com

https://github.com/advisories/GHSA-wgxm-cpjf-429r

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-4849

Click to expand

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-4849",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-03-26T07:41:54.393Z",
    "dateReserved": "2026-03-25T14:55:25.341Z",
    "datePublished": "2026-03-26T07:41:54.393Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-03-26T07:41:54.393Z"
      },
      "title": "code-projects Simple Laundry System Parameter modify.php cross site scripting",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /modify.php of the component Parameter Handler. The manipulation of the argument firstName leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used."
        }
      ],
      "affected": [
        {
          "vendor": "code-projects",
          "product": "Simple Laundry System",
          "cpes": [
            "cpe:2.3:a:code-projects:simple_laundry_system:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Parameter Handler"
          ],
          "versions": [
            {
              "version": "1.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Cross Site Scripting",
              "cweId": "CWE-79",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Code Injection",
              "cweId": "CWE-94",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.353154",
          "name": "VDB-353154 | code-projects Simple Laundry System Parameter modify.php cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.353154",
          "name": "VDB-353154 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.776183",
          "name": "Submit #776183 | code-projects Simple Laundry System V1.0 cross site scripting",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/kbloow/CVE/issues/2",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        },
        {
          "url": "https://code-projects.org/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "baseScore": 5
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-03-25T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-03-25T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-03-25T16:00:34.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "kbloow (VulDB User)",
          "type": "reporter"
        }
      ],
      "tags": [
        "x_freeware"
      ]
    }
  }
}