Platform
php
Component
code-projects-vehicle-showroom-management-system
Fixed in
1.0.1
A cross-site scripting (XSS) vulnerability has been identified in the Vehicle Showroom Management System, affecting versions 1.0.0 through 1.0 as listed in the advisory. The flaw lets an attacker inject script into the application by manipulating the BRANCH_ID parameter of /BranchManagement/ServiceAndSalesReport.php. Successful exploitation can lead to data theft, session hijacking or other actions performed in the victim's browser. The page lists 1.0.1 as the fixed version; confirm against the vendor's own advisory before relying on that.
The XSS vulnerability in Vehicle Showroom Management System allows an attacker to execute arbitrary JavaScript code within the context of a user's browser. This can be exploited to steal sensitive information, such as user credentials, session cookies, or personal data stored in the browser. Attackers could also redirect users to malicious websites, deface the application, or perform actions on behalf of the user without their knowledge. The potential impact is significant, particularly if the application handles sensitive data or is used by a large number of users.
This vulnerability has been publicly disclosed, increasing the risk of exploitation. While no active campaigns have been confirmed, the availability of the vulnerability details makes it a potential target for opportunistic attackers. The exploit is relatively straightforward, making it accessible to a wide range of attackers. The vulnerability was published on 2026-04-10.
Organizations running the Vehicle Showroom Management System are at risk, particularly those with publicly reachable instances or those handling sensitive customer data. Because the payload travels in a request parameter, any user who can be induced to open a crafted link (for example through phishing) is exposed, and the script runs with whatever session that user holds; authenticated users are therefore the more valuable targets, since their session cookies and privileges can be abused.
• generic web (does the endpoint answer with HTML, so that a reflected payload would be rendered?):
curl -sI 'https://example.com/BranchManagement/ServiceAndSalesReport.php?BRANCH_ID=<script>alert(1)</script>' | grep -i 'content-type: text/html'
• generic web (is the exact payload reflected unencoded in the response body?):
curl -s 'https://example.com/BranchManagement/ServiceAndSalesReport.php?BRANCH_ID=<script>alert(1)</script>' | grep -F -o '<script>alert(1)</script>'
A match on the second check shows the payload reflected verbatim; a patched build should either reject the request or return it encoded (&lt;script&gt;alert(1)&lt;/script&gt;). The grep is a fixed-string match for the payload itself so that the application's own legitimate script tags do not produce a false positive.
Exploit status
disclosure
EPSS
0.03% (10th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-6035 is to upgrade to a patched version of the Vehicle Showroom Management System (1.0.1 is listed above as the fixed version). Until the upgrade is in place, treat the two defenses separately. First, validate BRANCH_ID as the identifier it is, accepting only the characters or numeric form the schema actually uses and rejecting everything else with a 400 response. Second, and more importantly, encode the value at the point where it is written into HTML, so the browser treats it as text rather than markup; in PHP that is htmlspecialchars() with ENT_QUOTES for HTML text and attribute contexts, with a different encoder for script, URL or CSS contexts. Validation narrows the attack surface, but output encoding is what actually prevents the injected markup from executing, and the two should not be confused. A web application firewall can be configured to block common XSS payloads aimed at this parameter, but it is a stopgap that attackers can often bypass, not a substitute for the fix.
Update Vehicle Showroom Management System to a fixed version. Review the source of /BranchManagement/ServiceAndSalesReport.php to locate and correct the XSS, and apply proper validation and encoding of user input to prevent XSS attacks.
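As an added example, and not code from the Vehicle Showroom Management System project, the following PHP places the reflected-XSS pattern the advisory describes for BRANCH_ID beside a hardened handler, and runs the same "is the exact payload reflected unencoded?" test that the curl checks on this page perform, offline against a constructed request. The function names, the HTML layout and the assumption that branch IDs are positive integers are illustrative; PHP 8 or later is assumed for str_contains().

```php
<?php
// Added example: not code from the Vehicle Showroom Management System project.
// It reproduces the reflected-XSS pattern the advisory describes for the
// BRANCH_ID parameter and places a hardened handler beside it. Function names,
// the HTML layout and the assumption that branch IDs are positive integers are
// illustrative. Requires PHP 8+ (str_contains).
declare(strict_types=1);

// Vulnerable pattern: the query parameter is written into the HTML untouched,
// so ?BRANCH_ID=<script>alert(1)</script> arrives in the page as live markup.
function renderReportVulnerable(array $query): string
{
    $branchId = $query['BRANCH_ID'] ?? '';
    return "<h2>Service and sales report for branch {$branchId}</h2>\n";
}

// Hardened pattern, two independent layers:
//  1. Input validation: BRANCH_ID is an identifier, so anything that is not a
//     positive integer is rejected before it reaches the template.
//  2. Output encoding: every value written into an HTML text or attribute
//     context goes through htmlspecialchars() with ENT_QUOTES, so the
//     characters < > & " ' cannot close the surrounding context.
// A real handler should also send an HTTP 400 on rejection; this demo only
// returns the body so that it can run from the command line.
function renderReportHardened(array $query): string
{
    $raw = $query['BRANCH_ID'] ?? '';
    $branchId = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($branchId === false) {
        return "<p>Invalid branch id.</p>\n";
    }
    // Encoding is redundant for a validated integer, but keeping it makes the
    // template safe even if the validation rule is relaxed later.
    $safe = htmlspecialchars((string) $branchId, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<h2>Service and sales report for branch {$safe}</h2>\n";
}

// The same test the curl | grep step on this page performs: is the exact
// payload present in the response body, unencoded?
function reflectsUnencoded(string $body, string $payload): bool
{
    return str_contains($body, $payload);
}

// Constructed request, equivalent to
// /BranchManagement/ServiceAndSalesReport.php?BRANCH_ID=<script>alert(1)</script>
$payload = '<script>alert(1)</script>';
$attack  = ['BRANCH_ID' => $payload];
$normal  = ['BRANCH_ID' => '42'];

foreach (['vulnerable' => 'renderReportVulnerable', 'hardened' => 'renderReportHardened'] as $label => $fn) {
    $body = $fn($attack);
    printf("%-10s reflects payload unencoded: %s\n", $label, reflectsUnencoded($body, $payload) ? 'yes' : 'no');
    printf("%-10s normal request body: %s", $label, $fn($normal));
}

// Encoding alone, without the integer check, also neutralises the payload:
echo htmlspecialchars($payload, ENT_QUOTES | ENT_HTML5, 'UTF-8'), "\n";
```

Run it with `php example.php`. Note that htmlspecialchars() is the correct encoder only for HTML text and quoted attribute values; a value that lands inside a `<script>` block, an inline event handler or a URL needs the encoder for that context, which is why the validation layer is kept even though the encoded integer is already harmless.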
CVE-2026-6035 is a cross-site scripting (XSS) vulnerability in Vehicle Showroom Management System versions 1.0.0–1.0, allowing attackers to inject malicious scripts via the BRANCH_ID parameter.
If you are using Vehicle Showroom Management System version 1.0.0–1.0, you are potentially affected by this vulnerability. Check your version and apply the recommended fix.
Upgrade to a patched version of Vehicle Showroom Management System (1.0.1 is listed above as the fixed version). Until then, implement input validation and output encoding to mitigate the risk.
While no active campaigns have been confirmed, the vulnerability has been publicly disclosed, increasing the risk of exploitation.
Refer to the official Vehicle Showroom Management System website or security channels for the latest advisory and patch information.