CVE-2026-5209Cross-site Scripting in Leave Application System

CWE-79Cross-site ScriptingCWE-94Code Injection3 documents3 sources
Severity
4.8MEDIUMNVD
EPSS
0.0%
top 90.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sourcecodester Leave Application System
Timeline
PublishedMar 31

Description

A security vulnerability has been detected in SourceCodester Leave Application System 1.0. Affected by this issue is some unknown functionality of the component User Management Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
SourceCodester Leave Application System User Management cross site scripting2026-03-31
GHSA
GHSA-hp8h-9fvc-5j3p: A security vulnerability has been detected in SourceCodester Leave Application System 12026-03-31
CVE-2026-5209 — Cross-site Scripting | cvebase