← Back
2026-03-26 13:5CVE-2026-4877VulDB
PUBLISHED5.2ApplicationCWE-79CWE-94x_freeware

itsourcecode Payroll Management System index.php cross site scripting

A security flaw has been discovered in itsourcecode Payroll Management System up to 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.

Problem type

Affected products

itsourcecode

Payroll Management System

1.0 - AFFECTED

References

VDB-353560 | itsourcecode Payroll Management System index.php cross site scripting

https://vuldb.com/?id.353560

vdb-entrytechnical-description
VDB-353560 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/?ctiid.353560

signaturepermissions-required
Submit #776249 | itsourcecode Payroll Management System V1.0 Cross Site Scripting

https://vuldb.com/?submit.776249

third-party-advisory
github.com

https://github.com/ltranquility/submit/issues/4

exploitissue-tracking
itsourcecode.com

https://itsourcecode.com/

product

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-4877
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-4877",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-03-26T18:25:16.231Z",
    "dateReserved": "2026-03-26T06:10:55.785Z",
    "datePublished": "2026-03-26T13:05:39.008Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-03-26T13:05:39.008Z"
      },
      "title": "itsourcecode Payroll Management System index.php cross site scripting",
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in itsourcecode Payroll Management System up to 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks."
        }
      ],
      "affected": [
        {
          "vendor": "itsourcecode",
          "product": "Payroll Management System",
          "cpes": [
            "cpe:2.3:a:itsourcecode:payroll_management_system:*:*:*:*:*:*:*:*"
          ],
          "versions": [
            {
              "version": "1.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Cross Site Scripting",
              "cweId": "CWE-79",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Code Injection",
              "cweId": "CWE-94",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.353560",
          "name": "VDB-353560 | itsourcecode Payroll Management System index.php cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.353560",
          "name": "VDB-353560 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.776249",
          "name": "Submit #776249 | itsourcecode Payroll Management System V1.0 Cross Site Scripting",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/ltranquility/submit/issues/4",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        },
        {
          "url": "https://itsourcecode.com/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "baseScore": 5
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-03-26T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-03-26T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-03-26T07:16:02.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "zhangbaichuan.01 (VulDB User)",
          "type": "reporter"
        }
      ],
      "tags": [
        "x_freeware"
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2026-03-26T18:25:16.231Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      }
    ]
  }
}