Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable stored XSS requiring low-privilege submission and admin view; scope changes to admin browser with limited confidentiality and integrity impact.
Primary rating from Vendor (vuldb).
CVSS VectorVendor: vuldb
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A security flaw has been discovered in CodeAstro Complaint Management System 1.0. This issue affects some unknown processing of the file /report/addreport of the component Report Handler. Performing a manipulation of the argument Report Title results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
AnalysisAI
Stored cross-site scripting in CodeAstro Complaint Management System 1.0 allows a low-privileged authenticated user to inject persistent malicious scripts via the Report Title field at the /report/addreport endpoint, which then execute in the context of any administrator who views the submitted report. The GitHub-published proof-of-concept confirms the payload is stored and surfaces in the admin panel, enabling session hijacking or admin-context actions without further attacker interaction after initial submission. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must hold a valid low-privilege account on the CodeAstro Complaint Management System 1.0 instance with permission to submit reports via the /report/addreport endpoint (PR:L per CVSS vector). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD-reported CVSS 4.0 score of 2.0 is unusually low and primarily reflects the constrained scope metrics (VC:N/VI:L/VA:N/SC:N/SI:N/SA:N) and the passive UI:P requirement. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with a low-privilege account on the CodeAstro Complaint Management System submits a new report via /report/addreport, injecting a JavaScript payload such as a cookie-stealing script into the Report Title field. When an administrator subsequently opens the reports view in the admin panel, the stored payload executes silently in the admin's browser, exfiltrating the session cookie to an attacker-controlled server and granting full administrative access. … |
| Remediation | The primary fix is to apply output encoding and server-side input sanitization to the Report Title field in the Report Handler component at /report/addreport, ensuring user-supplied HTML special characters are neutralized before storage and before rendering in the admin panel. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40067
GHSA-q74h-h8mf-f6rx