SourceCodester Leave Application System User Management cross site scripting

4.8 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in SourceCodester Leave Application System 1.0. Affected by this issue is some unknown functionality of the component User Management Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Basic Information

ID CVE-2026-5209

Source VulDB

Published Mar 31, 2026 at 18:30

Modified Mar 31, 2026 at 20:30

Affected Product

Vendor SourceCodester

Product Leave Application System

Version 1.0

Affected Versions SourceCodester Leave Application System 1.0

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in SourceCodester Leave Application System 1.0. Affected by this issue is some unknown functionality of the component User Management Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.",
    "published": "2026-03-31T18:30:12.047Z",
    "modified": "2026-03-31T20:30:43.222Z",
    "type": "cve",
    "title": "SourceCodester Leave Application System User Management cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/354345\nhttps://vuldb.com/vuln/354345/cti\nhttps://vuldb.com/submit/780417\nhttps://medium.com/@hemantrajbhati5555/stored-cross-site-scripting-xss-in-php-leave-application-system-3260c881a1fa\nhttps://www.sourcecodester.com/",
    "id": "CVE-2026-5209",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "SourceCodester Leave Application System 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Leave Application System",
    "version": "1.0",
    "vendor": "SourceCodester",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

SourceCodester Leave Application System User Management cross site scripting_CVE-2026-5209