Platform: php
Component: code-projects-vehicle-showroom-management-system
Fixed in: 1.0.1
A cross-site scripting (XSS) vulnerability has been identified in the Vehicle Showroom Management System, affecting versions 1.0.0 through 1.0. This flaw allows attackers to inject malicious scripts into the application via manipulation of the BRANCH_ID parameter. Successful exploitation could lead to data theft, session hijacking, or other malicious actions. A patch is expected to address this issue.
The XSS vulnerability in Vehicle Showroom Management System allows an attacker to execute arbitrary JavaScript code within the context of a user's browser. This can be exploited to steal sensitive information, such as user credentials, session cookies, or personal data stored in the browser. Attackers could also redirect users to malicious websites, deface the application, or perform actions on behalf of the user without their knowledge. The potential impact is significant, particularly if the application handles sensitive data or is used by a large number of users.
This vulnerability has been publicly disclosed, increasing the risk of exploitation. While no active campaigns have been confirmed, the availability of the vulnerability details makes it a potential target for opportunistic attackers. The exploit is relatively straightforward, making it accessible to a wide range of attackers. The vulnerability was published on 2026-04-10.
Exploit Status
EPSS: 0.03% (10th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-6035 is to upgrade to a patched version of the Vehicle Showroom Management System as soon as it becomes available. Until then, implement input validation on the BRANCH_ID parameter to prevent the injection of malicious scripts: restrict the parameter to the characters it legitimately needs, and encode it for the HTML context wherever it is written back into a page so that the browser cannot interpret an injected value as executable code. Web application firewalls (WAFs) can also be configured to detect and block XSS attacks targeting this vulnerability.
Update the Vehicle Showroom Management System to a patched version. Review the source code of the /BranchManagement/ServiceAndSalesReport.php file to identify and fix the XSS vulnerability. Implement proper user input validation and encoding to prevent XSS attacks.
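The following PHP snippet is an added illustration of the validation-plus-encoding approach recommended above; it is not code from the Vehicle Showroom Management System and does not reproduce the project's ServiceAndSalesReport.php. It assumes BRANCH_ID is intended to be a numeric branch identifier (an assumption; the parameter name comes from the advisory, the function names and sample inputs are constructed for the example).

```php
<?php
// Added example, not the project's code. Shows a reflected-parameter handler
// hardened with input validation and HTML output encoding. Assumption:
// BRANCH_ID is a positive integer branch identifier.

declare(strict_types=1);

// Unsafe pattern: reflecting raw request input straight into HTML lets any
// markup in the value be parsed by the browser.
function render_branch_heading_unsafe(array $query): string
{
    return '<h2>Report for branch ' . ($query['BRANCH_ID'] ?? '') . '</h2>';
}

// Input validation: accept only a positive integer, reject everything else.
function validate_branch_id(array $query): ?int
{
    $raw = $query['BRANCH_ID'] ?? null;
    if (!is_string($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Output encoding for the HTML body/attribute context: entity-encodes <, >, &,
// and both quote characters so the value is rendered as text, not markup.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Hardened handler: validate first, then encode at the point of output.
// Encoding stays in place even if validation is later relaxed, so the two
// defenses are independent.
function render_branch_heading_safe(array $query): string
{
    $id = validate_branch_id($query);
    if ($id === null) {
        http_response_code(400);
        return '<p>Invalid branch id.</p>';
    }
    return '<h2>Report for branch ' . html_escape((string) $id) . '</h2>';
}

// Constructed sample inputs: a benign id and a value carrying HTML markup.
foreach (['7', '<b>x</b>'] as $sample) {
    echo render_branch_heading_safe(['BRANCH_ID' => $sample]), PHP_EOL;
}
```

Run with `php example.php`; the first sample renders normally and the second is rejected with a 400 response. If the same value is ever written into a JavaScript block or a URL rather than the HTML body, use the encoder for that context instead, since `htmlspecialchars` alone is not sufficient there.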
CVE-2026-6035 is a cross-site scripting (XSS) vulnerability in Vehicle Showroom Management System versions 1.0.0–1.0, allowing attackers to inject malicious scripts via the BRANCH_ID parameter.
If you are using Vehicle Showroom Management System version 1.0.0–1.0, you are potentially affected by this vulnerability. Check your version and apply the recommended fix.
Upgrade to a patched version of Vehicle Showroom Management System as soon as it's available. Until then, implement input validation and output encoding to mitigate the risk.
While no active campaigns have been confirmed, the vulnerability has been publicly disclosed, increasing the risk of exploitation.
Refer to the official Vehicle Showroom Management System website or security channels for the latest advisory and patch information.