Description
A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /delmemberinfo.php. Performing a manipulation of the argument userid results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used.
Published: 2026-04-09
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: Cross‑site scripting in Simple Laundry System
Action: Patch
AI Analysis

Impact

The vulnerability resides in the delmemberinfo.php script of Code‑Projects Simple Laundry System version 1.0. Manipulating the userid argument causes the application to output unsanitized data, enabling attackers to inject and execute arbitrary client‑side scripts. This cross‑site scripting flaw can be triggered remotely by altering the URL parameter.

Affected Systems

Code‑Projects Simple Laundry System 1.0 is the only product listed as affected. The flaw is located in the delmemberinfo.php file; no other versions or products are mentioned.

Risk and Exploitability

The CVSS score of 5.3 corresponds to medium severity. EPSS information is not available and the issue is not present in CISA’s KEV catalog. The description states the attack can be initiated remotely via manipulation of the userid parameter, but it does not specify whether authentication is required. The exploit is now public and may be used.

Generated by OpenCVE AI on April 9, 2026 at 02:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor patch or update for Simple Laundry System if one becomes available.
  • Modify the delmemberinfo.php script to validate or encode the userid input before rendering it to prevent script injection.
  • Upgrade to a newer version of the application, if released, that resolves the issue.
  • Monitor vendor advisories and security feeds for additional patches or guidance.

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 01:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability was detected in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /delmemberinfo.php. Performing a manipulation of the argument userid results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used. |
| Title | | code-projects Simple Laundry System delmemberinfo.php cross site scripting |
| First Time appeared | | Code-projects; Code-projects simple Laundry System |
| Weaknesses | | CWE-79; CWE-94 |
| CPEs | | cpe:2.3:a:code-projects:simple_laundry_system:*:*:*:*:*:*:*:* |
| Vendors & Products | | Code-projects; Code-projects simple Laundry System |
| References | | |
| Metrics | | cvssV2_0: {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'} |
| | | cvssV3_0: {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'} |
| | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'} |
| | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'} |

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-09T00:15:12.487Z

Reserved: 2026-04-08T16:49:46.123Z

Link: CVE-2026-5825

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-09T01:16:49.150

Modified: 2026-04-09T01:16:49.150

Link: CVE-2026-5825

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-09T08:25:24Z

Weaknesses