CVE-2026-3993

LOW EPSS 18.4%

Published Mar 12, 20263mo ago · Modified Apr 29, 20262mo ago

2.1 CVSS 4.0

Low

Published Mar 12, 2026 3mo ago

Last Modified Apr 29, 2026 2mo ago

Description

A security vulnerability has been detected in itsourcecode Payroll Management System 1.0. This vulnerability affects unknown code of the file /manage_employee_deductions.php. Such manipulation of the argument ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

CVSS Details

Base Score

2.1

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction P

Scope X

Threat Intelligence

EPSS Exploit Probability

18.4% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-79 Cross-site Scripting Injection

CWE-94 Improper Control of Generation of Code (Code Injection) Injection

References 5

github.com https://github.com/ltranquility/cve_submit/issues/11
itsourcecode.com https://itsourcecode.com/
vuldb.com https://vuldb.com/?ctiid.350475
vuldb.com https://vuldb.com/?id.350475
vuldb.com https://vuldb.com/?submit.769749

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.