CVE-2026-5209

LOW CVSS 2.4 View on NVD ↗

Description

A security vulnerability has been detected in SourceCodester Leave Application System 1.0. Affected by this issue is some unknown functionality of the component User Management Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

References

https://medium.com/@hemantrajbhati5555/stored-cross-site-scripting-xss-in-php-leave-application-system-3260c881a1fa
https://vuldb.com/submit/780417
https://vuldb.com/vuln/354345
https://vuldb.com/vuln/354345/cti
https://www.sourcecodester.com/

Published: Mar 31, 2026 19:16 UTC Modified: Apr 01, 2026 14:23 UTC