Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Simple Laundry System 1.0 Allows Remote Attack via Staff Info Page
CVE-2026-5542
Summary
A security flaw in the Simple Laundry System 1.0 can allow hackers to execute malicious code on a website. This can happen if a user manipulates a specific argument on the staff information page. Website administrators should update the software to the latest version to protect against this attack.
Original title
A vulnerability was determined in code-projects Simple Laundry System 1.0. Impacted is an unknown function of the file /modstaffinfo.php of the component Parameter Handler. Executing a manipulation...
Original description
A vulnerability was determined in code-projects Simple Laundry System 1.0. Impacted is an unknown function of the file /modstaffinfo.php of the component Parameter Handler. Executing a manipulation of the argument userid can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
nvd CVSS2.0
5.0
nvd CVSS3.1
4.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
CWE-94
Code Injection
Published: 5 Apr 2026 · Updated: 5 Apr 2026 · First seen: 5 Apr 2026