Description
A vulnerability has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /checkupdatestatus.php. The manipulation of the argument serviceId leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2026-04-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Scripting
Action: Apply Patch
AI Analysis

Impact

This vulnerability allows an attacker to inject malicious scripts by manipulating the serviceId argument in the checkupdatestatus.php file of code‑projects Simple Laundry System. The resulting cross‑site scripting can lead to session hijacking, defacement, or the execution of arbitrary client‑side code, compromising user confidentiality and application integrity.

Affected Systems

The flaw resides in code‑projects Simple Laundry System version 1.0. No additional affected versions are listed, and the specific code component is identified as checkupdatestatus.php within the application’s public interface.

Risk and Exploitability

The reported CVSS score of 5.3 indicates a moderate impact potential. Attackers can exploit the flaw remotely, with no evidence of required local privileges. EPSS data is not available and the vulnerability is not in the CISA KEV catalog. While the severity is moderate, the ability to remotely inject scripts warrants timely remediation.

Generated by OpenCVE AI on April 13, 2026 at 03:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor’s website or contact code‑projects support for an updated patch or upgrade path
  • If a patch is not immediately available, implement input sanitization or whitelist validation for the serviceId parameter
  • Apply general web application hardening measures such as Content Security Policy headers to mitigate script execution
  • Monitor for related vulnerability disclosures and apply any subsequent fixes promptly

Generated by OpenCVE AI on April 13, 2026 at 03:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 02:45:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /checkupdatestatus.php. The manipulation of the argument serviceId leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Title code-projects Simple Laundry System checkupdatestatus.php cross site scripting
First Time appeared Code-projects
Code-projects simple Laundry System
Weaknesses CWE-79
CWE-94
CPEs cpe:2.3:a:code-projects:simple_laundry_system:*:*:*:*:*:*:*:*
Vendors & Products Code-projects
Code-projects simple Laundry System
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Code-projects Simple Laundry System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-14T16:30:00.935Z

Reserved: 2026-04-12T17:59:29.894Z

Link: CVE-2026-6150

cve-icon Vulnrichment

Updated: 2026-04-14T15:20:36.842Z

cve-icon NVD

Status : Deferred

Published: 2026-04-13T03:16:02.683

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-6150

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:53:41Z

Weaknesses