CVE-2026-3812

Name of the Vulnerable Software and Affected Versions itsourcecode Payroll Management System version 1.0

Description A flaw exists in itsourcecode Payroll Management System that allows for cross site scripting. The issue is related to the manipulation of the ID argument within an unknown function of the /manage employee allowances.php file. This manipulation can be carried out remotely. The exploit for this issue has been publicly disclosed.

Recommendations Apply a fix for itsourcecode Payroll Management System version 1.0. As a temporary workaround, consider restricting access to the /manage employee allowances.php file.