CVE-2026-4626
Cross-Site Scripting in Lawyer Management System /lawyer_booking.php
Publication date: 2026-03-24
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| projectworlds | online_lawyer_management_system | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4626 is a stored Cross-Site Scripting (XSS) vulnerability in Projectworlds Lawyer Management System 1.0. It occurs because user inputs, specifically the 'description' parameter in booking-related PHP files, are not properly sanitized or encoded before being stored and later displayed. This allows attackers to inject malicious JavaScript code that executes in the browsers of lawyers viewing the affected pages.

The root cause is the failure to sanitize user inputs before storing them in the database and the failure to encode outputs when rendering data in HTML pages, such as missing use of functions like htmlspecialchars().

For example, an attacker can submit a payload like `<img src=x onerror=alert(document.cookie)>` in the description field, which gets stored and later executed when lawyers access the booking page, potentially exposing their session cookies. [1]
How can this vulnerability impact me?
This vulnerability can have several impacts including:
- Theft of lawyer session cookies, enabling session hijacking.
- Unauthorized actions such as modifying bookings or accessing sensitive client data.
- Defacement of lawyer dashboards or redirection to malicious websites.
- Broad compromise since the malicious payload is stored and affects all lawyers who view the injected data.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing for stored Cross-Site Scripting (XSS) in the Lawyer Management System, specifically targeting the 'description' parameter in booking-related PHP files such as /user_booking.php and /lawyer_booking.php.

A practical detection method involves submitting a test payload like `<img src=x onerror=alert(document.cookie)>` in the 'description' field during booking and then checking if the payload executes when viewing the booking page.

To detect this on your system, you can use curl commands to send POST requests with the malicious payload and then inspect the response or behavior in the browser.
- Example curl command to inject payload: `curl -X POST -d "description=<img src=x onerror=alert(document.cookie)>" https://yourserver/save_booking.php`
- After injection, access the /lawyer_booking.php page in a browser to see if the alert triggers, indicating the vulnerability.

Additionally, security audits and penetration testing tools that scan for stored XSS vulnerabilities on web applications can be used to automate detection. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying proper output encoding and input validation to prevent execution of malicious scripts.
- Use PHP's htmlspecialchars() function with ENT_QUOTES and UTF-8 encoding on all user-supplied data before rendering it in HTML, for example: `<?php echo htmlspecialchars($row["description"], ENT_QUOTES, 'UTF-8'); ?>`
- Implement server-side input validation to restrict fields like 'description' to plain text by stripping HTML tags.
- Deploy a strong Content Security Policy (CSP) header to restrict sources of executable scripts.
- Set session cookies with the HttpOnly flag to prevent JavaScript access, for example: `session_set_cookie_params(['httponly' => true]); session_start();`

Conduct regular security audits and penetration testing to identify and fix similar vulnerabilities proactively. [1]
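The mitigation steps above, combined into one booking-list page as an added example; this is not code from the Projectworlds project, and the `$pdo` connection, the `bookings` table, its `description` column and the `h()` helper are assumed names:

```php
<?php
// Added example, not the project's own code. Assumes an open PDO connection in
// $pdo and a `bookings` table with `id` and `description` columns (assumed names).

// Hardening 1: session cookie unreadable by script and sent only over HTTPS,
// so a stored payload reading document.cookie gets nothing useful.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

// Hardening 2: CSP that permits only same-origin script files. Inline event
// handlers such as onerror= are blocked because 'unsafe-inline' is absent.
// Must be sent before any output.
header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'");

// Hardening 3: encode every untrusted value at the point it enters HTML.
// ENT_QUOTES also encodes ' and ", so the value is safe inside attributes too.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$rows = $pdo->query('SELECT id, description FROM bookings')->fetchAll(PDO::FETCH_ASSOC);

// VULNERABLE pattern (CWE-79): the stored description is echoed raw, so markup
// a client typed into the booking form is parsed by the lawyer's browser.
// foreach ($rows as $row) {
//     echo '<tr><td>' . $row['id'] . '</td><td>' . $row['description'] . '</td></tr>';
// }

// HARDENED: same loop with output encoding. A stored "<img src=x onerror=...>"
// is emitted as "&lt;img src=x onerror=...&gt;" and shown as literal text.
echo '<table>';
foreach ($rows as $row) {
    echo '<tr><td>' . h((string) $row['id']) . '</td>'
       . '<td>' . h((string) $row['description']) . '</td></tr>';
}
echo '</table>';
```

Encoding at output time is the control that removes the XSS even for rows already stored before the fix; the cookie flags and CSP reduce the impact of any instance the encoding misses.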