| Title | SourceCodester Loan Management System 1.0 Cross-Site Scripting (XSS) |
|---|
| Description | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Loan Management System 1.0. The vulnerability is located in the index.php file via the "page" parameter. The application fails to sanitize user-supplied input before reflecting it in the response, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. |
|---|
| Source | ⚠️ https://github.com/meifukun/Web-Security-PoCs/blob/main/Loan-Management-System/XSS-Index-page.md |
|---|
| User | 563742137abc (UID 95813) |
|---|
| Submission | 02/23/2026 10:14 (2 months ago) |
|---|
| Moderation | 03/07/2026 09:50 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 349648 [SourceCodester Loan Management System 1.0 /index.php page cross site scripting] |
|---|
| Points | 19 |
|---|