{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5539", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-04T06:46:53.555Z", "datePublished": "2026-04-05T03:30:16.690Z", "dateUpdated": "2026-04-07T02:38:44.818Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-05T03:30:16.690Z"}, "title": "code-projects Simple Laundry System Parameter modifymember.php cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "Cross Site Scripting"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}], "affected": [{"vendor": "code-projects", "product": "Simple Laundry System", "versions": [{"version": "1.0", "status": "affected"}], "cpes": ["cpe:2.3:a:code-projects:simple_laundry_system:*:*:*:*:*:*:*:*"], "modules": ["Parameter Handler"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /modifymember.php of the component Parameter Handler. This manipulation of the argument firstName causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-04T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-04T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-04T08:52:09.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Weining Xiao (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/355292", "name": "VDB-355292 | code-projects Simple Laundry System Parameter modifymember.php cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/355292/cti", "name": "VDB-355292 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/782221", "name": "Submit #782221 | code-projects Simple Laundry System V1.0 cross site scripting", "tags": ["third-party-advisory"]}, {"url": "https://github.com/boyslikesports/vul-web/issues/5", "tags": ["exploit", "issue-tracking"]}, {"url": "https://code-projects.org/", "tags": ["product"]}], "tags": ["x_freeware"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T02:38:26.670856Z", "id": "CVE-2026-5539", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T02:38:44.818Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"tags": ["x_freeware"], "title": "code-projects Simple Laundry System Parameter modifymember.php cross site scripting", "credits": [{"lang": "en", "type": "reporter", "value": "Weining Xiao (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:code-projects:simple_laundry_system:*:*:*:*:*:*:*:*"], "vendor": "code-projects", "modules": ["Parameter Handler"], "product": "Simple Laundry System", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2026-04-04T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-04T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-04T08:52:09.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/355292", "name": "VDB-355292 | code-projects Simple Laundry System Parameter modifymember.php cross site scripting", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/355292/cti", "name": "VDB-355292 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/782221", "name": "Submit #782221 | code-projects Simple Laundry System V1.0 cross site scripting", "tags": ["third-party-advisory"]}, {"url": "https://github.com/boyslikesports/vul-web/issues/5", "tags": ["exploit", "issue-tracking"]}, {"url": "https://code-projects.org/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /modifymember.php of the component Parameter Handler. This manipulation of the argument firstName causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Cross Site Scripting"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-05T03:30:16.690Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5539", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-07T02:38:26.670856Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-04-07T02:38:34.400Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-5539", "state": "PUBLISHED", "dateUpdated": "2026-04-05T03:30:16.690Z", "dateReserved": "2026-04-04T06:46:53.555Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-05T03:30:16.690Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /modifymember.php of the component Parameter Handler. This manipulation of the argument firstName causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used."}], "id": "CVE-2026-5539", "lastModified": "2026-04-07T13:20:35.010", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-05T04:16:16.150", "references": [{"source": "cna@vuldb.com", "url": "https://code-projects.org/"}, {"source": "cna@vuldb.com", "url": "https://github.com/boyslikesports/vul-web/issues/5"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/782221"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/355292"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/355292/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Simple Laundry System", "source": "cna", "vendor": "code-projects"}, "product": "simple_laundry_system", "vendor": "code-projects"}], "analysis": {"en": {"generated_at": "2026-04-05T06:21:42.031284+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2019s official patch or upgrade to a newer version of the Simple Laundry System that fixes the firstName XSS injection.", "If no patch is available, neutralise the vulnerability by validating, escaping or removing any script content from the firstName input before rendering it.", "Configure a web application firewall to block or escape script payloads targeting the /modifymember.php endpoint.", "Verify that the application does not expose the vulnerable endpoint to untrusted users and consider restricting access to the modifymember.php URL."], "summary": {"action": "Immediate Patch", "impact": "Cross\u2011Site Scripting (Remote)"}, "threat_synthesis": {"affected_systems": "The flaw affects code\u2011projects Simple Laundry System version\u202f1.0. No other product versions are listed in the CNA data.", "description_and_impact": "The vulnerability is a cross\u2011site scripting flaw located in the Parameter Handler component of Simple Laundry System 1.0. By manipulating the firstName argument in /modifymember.php, an attacker can inject arbitrary JavaScript that will be executed in the context of any user visiting the affected page. The flaw can be triggered from an external network, so it is remotely exploitable. This allows an attacker to deface the interface, steal session cookies, or perform other malicious actions within the victim\u2019s browser session.", "risk_and_exploitability": "The CVSS v3.1 score of 5.3 marks the vulnerability as moderate severity. No EPSS score is provided, and it is not included in the CISA KEV list, suggesting that widespread exploitation may not yet be documented. However, the existence of a published exploit indicates that attackers could potentially leverage it if the vulnerable system remains unpatched. Remote exploitation requires only the ability to send crafted input to modifymember.php, and no privileged credentials are necessary."}}}}, "created": "2026-04-06T20:26:40.521313+00:00", "updated": "2026-04-06T21:57:15.343947+00:00", "vendors": ["code-projects", "code-projects$PRODUCT$simple_laundry_system"]}