CVE-2026-6150
Received Received - Intake
Cross-Site Scripting in Simple Laundry System /checkupdatestatus.php

Publication date: 2026-04-13

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /checkupdatestatus.php. The manipulation of the argument serviceId leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-13
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-6150
EUVD
EUVD-2026-21779
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

Immediate mitigation steps include:

  • Implement proper output encoding of user inputs according to the context (HTML, JavaScript, CSS, URL) to prevent execution of injected scripts.
  • Enforce strict input validation and filtering to accept only expected input formats and sanitize or reject malicious content such as script tags.
  • Deploy a strict Content Security Policy (CSP) to restrict script sources and prevent unauthorized inline or external script execution.
  • Set HttpOnly and Secure flags on cookies to protect sensitive data from being accessed via JavaScript and ensure secure transmission.
  • Conduct regular security audits and code reviews to detect and remediate XSS and other vulnerabilities promptly.
Executive Summary

The CVE-2026-6150 vulnerability is a Cross-Site Scripting (XSS) issue found in version 1.0 of the Simple Laundry System project, specifically in the /checkupdatestatus.php file.

The root cause is the improper handling of the serviceId parameter, where user input is directly output to the web page without adequate encoding or filtering.

This allows attackers to inject malicious scripts, which execute in the victim's browser.

Impact Analysis

Attackers exploiting this vulnerability can steal cookies, session tokens, or other sensitive data.

They can perform unauthorized actions on behalf of the victim, deface web pages, redirect users to malicious sites, and potentially gain control over the victim’s browser.

Exploitation does not require user login or authorization, making it easier for attackers to launch attacks remotely.

Detection Guidance

This vulnerability can be detected by testing the affected URL parameter for Cross-Site Scripting (XSS) by injecting a script payload into the serviceId parameter and observing if it executes in the browser.

  • Use a browser or tools like curl or wget to send a request with a payload such as: http://127.0.0.1/Laundry_system/checkupdatestatus.php?serviceId=%3Cscript%3Eprompt(/xss/);%3C/script%3E
  • If the script executes (e.g., a prompt box appears), the vulnerability is present.
  • Example curl command: curl -i "http://127.0.0.1/Laundry_system/checkupdatestatus.php?serviceId=<script>prompt(/xss/);</script>"
  • Monitor web traffic for suspicious script injections or unexpected script execution in responses.
Compliance Impact

The CVE-2026-6150 vulnerability is a Cross-Site Scripting (XSS) issue that allows attackers to steal sensitive data such as cookies and session tokens, perform unauthorized actions, and potentially gain control over users' browsers. Such unauthorized access and data exposure can lead to violations of data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and breaches.

Failure to remediate this vulnerability could result in non-compliance with these standards due to the risk of data leakage and unauthorized user actions. Therefore, addressing this vulnerability through proper input validation, output encoding, Content Security Policy implementation, and secure cookie handling is critical to maintaining compliance with common security and privacy regulations.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6150. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart