CVE-2026-3702 - Vulnerability Analysis
Medium | CVSS: 4.3 | Last Updated: March 9, 2026
SourceCodester Loan Management System - Stored XSS
Published: March 8, 2026 | Updated: March 9, 2026 | PoC Available | Remote Exploitable
Overview
SourceCodester Loan Management System 1.0 contains a stored XSS vulnerability caused by manipulation of the "page" argument in /index.php. It lets remote attackers execute scripts, and exploitation requires no special privileges.
Severity & Score
Severity: Medium
CVSS Score: 4.3
Impact
Remote attackers can execute arbitrary scripts, potentially leading to session hijacking or user impersonation.
Mitigation
Update to the latest version or apply patches that sanitize the "page" parameter.
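As an added illustration of what handling the "page" argument safely can look like (not code from SourceCodester or from this advisory), the PHP sketch below resolves the argument against an allowlist and HTML-encodes anything echoed back. The page names and the helper names `resolve_page()` and `e()` are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: these page names are assumptions for the example,
// not the application's real ones.
const ALLOWED_PAGES = ['home', 'loans', 'borrowers', 'payments'];

/**
 * Map the raw "page" argument to a known page name.
 * Anything that is not an exact allowlist match falls back to the default,
 * so attacker-controlled text is never stored or used as the page value.
 */
function resolve_page(mixed $raw, string $default = 'home'): string
{
    if (!is_string($raw)) {
        // A request such as ?page[]=x arrives as an array, not a string.
        return $default;
    }
    return in_array($raw, ALLOWED_PAGES, true) ? $raw : $default;
}

/**
 * Encode a value for an HTML text node or quoted attribute.
 * Apply this at render time to every stored or request-derived value,
 * including values written before the input check existed.
 */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs (not taken from the advisory).
$samples = ['loans', '<b>not-a-page</b>', ['x'], '../config'];

foreach ($samples as $raw) {
    $page  = resolve_page($raw);
    $shown = is_string($raw) ? $raw : gettype($raw);
    // Both sides are encoded on output: the raw value is untrusted,
    // and encoding the resolved name costs nothing.
    echo e($shown), ' -> ', e($page), PHP_EOL;
}
```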
Details
- CVE ID: CVE-2026-3702
- Severity: Medium
- CVSS Score: 4.3
- Type: stored_xss
- Status: confirmed
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N