Description
A vulnerability was found in SourceCodester Safety Anger Pad 1.0. The affected element is an unknown function. The manipulation of the argument angerDisplay results in cross site scripting. The attack may be performed from remote. The exploit has been made public and could be used.
Published: 2026-04-28
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in SourceCodester Safety Anger Pad 1.0 allows an attacker to supply a malicious payload through the angerDisplay parameter, which is reflected directly in the page output. When a victim visits the affected page, the injected JavaScript runs in their browser and can perform actions that the original page intended only for legitimate users.

Affected Systems

Only SourceCodester Safety Anger Pad 1.0 is indicated as vulnerable; no other versions or related products were reported affected.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. Based on the description, the attack can be performed remotely, though whether authentication is required is not explicitly stated. The exploit is publicly available, so attackers can target any exposed instance. The EPSS score of less than 1% suggests a low probability of current exploitation, and the vulnerability is not listed in the CISA KEV catalog; however, as a reflected XSS flaw it remains a common risk surface.

Generated by OpenCVE AI on April 29, 2026 at 01:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade SourceCodester Safety Anger Pad to a non‑vulnerable release if one is available; consult the vendor for an official patch.
  • If no patch exists, implement server‑side validation or HTML‑escaping for the angerDisplay parameter before rendering it into the response, using established libraries or framework helpers.
  • Add Content‑Security‑Policy headers that restrict script execution or deploy a web application firewall to block malicious script payloads.



Advisories

No advisories yet.

History

Wed, 29 Apr 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 29 Apr 2026 10:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Sourcecodester; Sourcecodester safety Anger Pad
Vendors & Products | | Sourcecodester; Sourcecodester safety Anger Pad

Tue, 28 Apr 2026 06:30:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was found in SourceCodester Safety Anger Pad 1.0. The affected element is an unknown function. The manipulation of the argument angerDisplay results in cross site scripting. The attack may be performed from remote. The exploit has been made public and could be used.
Title | | SourceCodester Safety Anger Pad cross site scripting
Weaknesses | | CWE-79; CWE-94
References | |
Metrics | | cvssV2_0: {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}
Metrics | | cvssV3_0: {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
Metrics | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
Metrics | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-29T14:17:58.671Z

Reserved: 2026-04-27T15:49:47.803Z

Link: CVE-2026-7230

Vulnrichment

Updated: 2026-04-29T14:17:13.208Z

NVD

Status: Deferred

Published: 2026-04-28T07:16:03.900

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-7230

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T10:11:02Z
