Description
A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used.
Published: 2026-06-01
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the index.php file of itsourcecode Fees Management System 1.0. An attacker can manipulate the `page` argument to inject script code that is rendered in the browser, enabling client‑side code execution. This allows theft of user data, session hijacking, and phishing attacks. The weakness is a reflected XSS flaw (CWE‑79) with potential for code injection via parameter handling (CWE‑94).

Affected Systems

The affected product is itsourcecode Fees Management System, version 1.0. No other versions are listed as vulnerable in this advisory.

Risk and Exploitability

A public exploit is available, and the attack can be launched remotely from the Internet. The CVSS score of 5.3 indicates a moderate impact and moderate complexity. The EPSS score is currently unavailable, and the vulnerability is not listed in the CISA KEV catalog, but the presence of an accessible exploit elevates the risk. The attack surface is limited to users interacting with index.php on the affected web server with a crafted `page` value.

Generated by OpenCVE AI on June 2, 2026 at 01:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Restrict the `page` parameter to a strict whitelist of allowed values or discard any unexpected input to prevent injection.
  • Apply output encoding, such as using `htmlspecialchars()` in PHP, whenever data derived from the `page` parameter is rendered in HTML.
  • Deploy a Content Security Policy that disallows inline scripts and restricts script sources, limiting the effect of any injected code.
  • Check for vendor updates and apply any available patch to the Fees Management System as soon as it is released.
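
The first three recommendations combined in one handler, as an added PHP 8 example (not code from the Fees Management System or from OpenCVE). The page names in `ALLOWED_PAGES`, the `pages/` directory and the helper names are assumptions, because the advisory does not show how index.php uses `page`.

```php
<?php
declare(strict_types=1);

// Assumed page names; the advisory does not list the application's real ones.
const ALLOWED_PAGES = ['home', 'students', 'fees', 'payments', 'reports'];
const DEFAULT_PAGE  = 'home';

/** Return $raw only if it is an exact, case-sensitive allow-list match. */
function resolve_page(mixed $raw): string
{
    // ?page[]=x arrives as an array; anything that is not a string is rejected.
    if (!is_string($raw) || !in_array($raw, ALLOWED_PAGES, true)) {
        return DEFAULT_PAGE;
    }
    return $raw;
}

/** Encode a value for an HTML text node or a quoted attribute value. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Send a CSP that blocks inline scripts and limits scripts to this origin. */
function send_security_headers(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; "
         . "object-src 'none'; base-uri 'self'");
    header('X-Content-Type-Options: nosniff');
}

// Render only when served over HTTP, so the helpers can be included from tests.
if (PHP_SAPI !== 'cli') {
    send_security_headers();
    $page = resolve_page($_GET['page'] ?? null);
    ?>
<!DOCTYPE html>
<html lang="en">
<head><meta charset="utf-8"><title><?= e(ucfirst($page)) ?></title></head>
<body data-page="<?= e($page) ?>">
<?php require __DIR__ . '/pages/' . $page . '.php'; // assumed layout; $page is an allow-list literal ?>
</body>
</html>
<?php
}
```

`$page` is still passed through `e()` after the allow-list check, so the output stays encoded if the list is later widened or replaced.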


Advisories

No advisories yet.

History

Tue, 02 Jun 2026 00:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used. |
| Title | | itsourcecode Fees Management System index.php cross site scripting |
| First Time appeared | | Itsourcecode; Itsourcecode fees Management System |
| Weaknesses | | CWE-79; CWE-94 |
| CPEs | | `cpe:2.3:a:itsourcecode:fees_management_system:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Itsourcecode; Itsourcecode fees Management System |
| References | | |
| Metrics | | cvssV2_0: `{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}` |
| | | cvssV3_0: `{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}` |
| | | cvssV3_1: `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}` |
| | | cvssV4_0: `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}` |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-01T23:15:08.784Z

Reserved: 2026-05-31T18:12:57.001Z

Link: CVE-2026-10301

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-02T00:16:36.473

Modified: 2026-06-02T00:16:36.473

Link: CVE-2026-10301

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T01:30:26Z
