EUVD-2026-21338
GHSA-wvcm-8qcx-6vf4
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /BranchManagement/ProfitAndLossReport.php. Executing a manipulation of the argument BRANCH_ID can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used.
Analysis
Reflected cross-site scripting (XSS) in code-projects Vehicle Showroom Management System 1.0 allows remote unauthenticated attackers to inject malicious scripts via the BRANCH_ID parameter in /BranchManagement/ProfitAndLossReport.php, requiring user interaction to execute. Publicly available exploit code exists for this vulnerability, and while the CVSS score of 5.3 is moderate, the low integrity impact combined with user interaction requirement limits practical risk, though XSS vulnerabilities remain routinely exploitable in real-world scenarios.
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today