code-projects Online Product Reservation System prod.php cross site scripting

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was detected in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file handgunner-administrator/prod.php. Performing a manipulation of the argument cat results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Basic Information

ID CVE-2026-0586

Source VulDB

Published Jan 5, 2026 at 10:32

Affected Product

Vendor code-projects

Product Online Product Reservation System

Version 1.0

Affected Versions code-projects Online Product Reservation System 1.0

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A vulnerability was detected in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file handgunner-administrator/prod.php. Performing a manipulation of the argument cat results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used.",
    "published": "2026-01-05T10:32:06.143Z",
    "modified": "2026-01-05T10:32:06.143Z",
    "type": "cve",
    "title": "code-projects Online Product Reservation System prod.php cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.339478\nhttps://vuldb.com/?ctiid.339478\nhttps://vuldb.com/?submit.731098\nhttps://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/xss_prod.php.md\nhttps://github.com/foeCat/CVE/blob/main/OnlineProductReservation_PHP/xss_prod.php.md#poc\nhttps://code-projects.org/",
    "id": "CVE-2026-0586",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "code-projects Online Product Reservation System 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Online Product Reservation System",
    "version": "1.0",
    "vendor": "code-projects",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

code-projects Online Product Reservation System prod.php cross site scripting_CVE-2026-0586