Home / Vulnerability Intelligence / CVE-2026-3812

CVE-2026-3812 - Vulnerability Analysis

MediumCVSS: 4.3

Last Updated: March 9, 2026

itsourcecode Payroll Management System - Stored XSS

Published: March 9, 2026Updated: March 9, 2026PoC AvailableRemote Exploitable

Overview

itsourcecode Payroll Management System 1.0 contains a stored XSS caused by manipulation of the "ID" argument in /manage_employee_allowances.php, letting remote attackers execute scripts, exploit requires crafted input.

Severity & Score

Severity: Medium

CVSS Score: 4.3

Impact

Remote attackers can execute arbitrary scripts in users' browsers, potentially stealing session data or performing actions on behalf of users.

Mitigation

Update to the latest version of itsourcecode Payroll Management System.

References

https://itsourcecode.com/
https://vuldb.com/?ctiid.349778
https://vuldb.com/?id.349778
https://vuldb.com/?submit.769103
https://github.com/ltranquility/cve_submit/issues/10

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-3812
Severity: Medium
CVSS Score: 4.3
Type: stored_xss
Status: confirmed

CWE

CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N