PT-2026-28650 · Code Projects · Simple Laundry System

Kbloow

Published

2026-03-26

Updated

2026-03-26

CVE-2026-4849

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions code-projects Simple Laundry System version 1.0

Description A cross site scripting issue exists in the Parameter Handler component of code-projects Simple Laundry System. The issue is related to the manipulation of the firstName argument within the /modify.php file. The attack can be initiated remotely and the exploit is publicly available.

Recommendations Apply any available updates to address the issue in the Parameter Handler component of the affected system. As a temporary workaround, consider restricting access to the /modify.php file. Avoid using the firstName parameter in the affected file until the issue is resolved.

Exploit

Fix

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-94

Related Identifiers

CVE-2026-4849

Affected Products

Simple Laundry System

PT-2026-28650 · Code Projects · Simple Laundry System

CVE-2026-4849

Weakness Enumeration

Related Identifiers

Affected Products

References · 8