CVE-2026-5255

CWE-79Cross-site Scripting (XSS)CWE-94Code Injection3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.0%
top 90.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Code-projects Simple Laundry System
Timeline
PublishedApr 1

Description

A vulnerability was detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /delstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
code-projects Simple Laundry System Parameter delstaffinfo.php cross site scripting2026-04-01
GHSA
GHSA-g289-xp4v-g26c: A vulnerability was detected in code-projects Simple Laundry System 12026-04-01
CVE-2026-5255 (MEDIUM CVSS 5.3) | A vulnerability was detected in cod | cvebase.io