Description
A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkcheckout.php. Performing a manipulation of the argument serviceId results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
Published: 2026-04-10
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Scripting
Action: Patch now
AI Analysis

Impact

The vulnerability is a client‑side cross‑site scripting flaw located in the checkcheckout.php module of code‑projects Simple Laundry System 1.0. By manipulating the serviceId query parameter, an attacker can inject arbitrary JavaScript into the page. This injection allows the attacker to run malicious code in the browsers of users who view the affected page, potentially leading to credential theft, session hijacking, or defacement. The flaw maps to CWE‑79 (Cross‑Site Scripting) and also reflects code‑injection concerns (CWE‑94).

Affected Systems

The affected system is Simple Laundry System version 1.0, released by code-projects. No other versions or products were identified in the CVE data. Operators of this web application should verify whether their deployed instance matches the affected version.

Risk and Exploitability

The CVSS score of 5.3 classifies the issue as moderate, and the EPSS score is not provided. The vulnerability is exploitable remotely over HTTP by sending a crafted serviceId value, and exploit code has already been made public. Because the attack is delivered through browser input, the risk depends on the number of users accessing the vulnerable page. Mitigation currently depends on an official update; if none is available, the flaw remains easy to exploit until a patch or input validation is applied.

Generated by OpenCVE AI on April 10, 2026 at 08:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install the latest update from code‑projects that addresses the XSS flaw.
  • Sanitize or validate the serviceId parameter in checkcheckout.php to ensure only expected values are accepted.
  • Configure a web application firewall to block or filter known XSS payload patterns.
  • Verify the effectiveness of the fix by testing or monitoring application logs for anomalous scripts.

Advisories

No advisories yet.

History

Fri, 10 Apr 2026 07:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkcheckout.php. Performing a manipulation of the argument serviceId results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. |
| Title | | code-projects Simple Laundry System checkcheckout.php cross site scripting |
| First Time appeared | | Code-projects; Code-projects simple Laundry System |
| Weaknesses | | CWE-79; CWE-94 |
| CPEs | | cpe:2.3:a:code-projects:simple_laundry_system:*:*:*:*:*:*:*:* |
| Vendors & Products | | Code-projects; Code-projects simple Laundry System |
| References | | |
| Metrics | | cvssV2_0: {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'} |
| | | cvssV3_0: {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'} |
| | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'} |
| | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-10T07:15:13.733Z

Reserved: 2026-04-09T16:08:43.616Z

Link: CVE-2026-6032

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-10T08:16:26.473

Modified: 2026-04-10T08:16:26.473

Link: CVE-2026-6032

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-10T09:26:29Z

Weaknesses