CVE-2026-4849 PUBLISHED

A vulnerability was identified in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /modify.php of the component Parameter Handler. The manipulation of the argument firstName leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used.

• kbloow (VulDB User) reporter

• VDB-353154 | code-projects Simple Laundry System Parameter modify.php cross site scripting
• VDB-353154 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #776183 | code-projects Simple Laundry System V1.0 cross site scripting
• https://github.com/kbloow/CVE/issues/2
• https://code-projects.org/

• Cross Site Scripting CWE
• Code Injection CWE