{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-4849","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2026-03-25T14:55:25.341Z","datePublished":"2026-03-26T07:41:54.393Z","dateUpdated":"2026-03-28T02:12:49.062Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-03-26T07:41:54.393Z"},"title":"code-projects Simple Laundry System Parameter modify.php cross site scripting","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"Cross Site Scripting"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-94","lang":"en","description":"Code Injection"}]}],"affected":[{"vendor":"code-projects","product":"Simple Laundry System","versions":[{"version":"1.0","status":"affected"}],"cpes":["cpe:2.3:a:code-projects:simple_laundry_system:*:*:*:*:*:*:*:*"],"modules":["Parameter Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability was identified in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /modify.php of the component Parameter Handler. The manipulation of the argument firstName leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":4.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":5,"vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2026-03-25T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2026-03-25T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2026-03-25T16:00:34.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"kbloow (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.353154","name":"VDB-353154 | code-projects Simple Laundry System Parameter modify.php cross site scripting","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.353154","name":"VDB-353154 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.776183","name":"Submit #776183 | code-projects Simple Laundry System V1.0 cross site scripting","tags":["third-party-advisory"]},{"url":"https://github.com/kbloow/CVE/issues/2","tags":["exploit","issue-tracking"]},{"url":"https://code-projects.org/","tags":["product"]}],"tags":["x_freeware"]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-03-28T02:12:29.669288Z","id":"CVE-2026-4849","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-28T02:12:49.062Z"}}]}}