VYPR
Unrated severity · NVD Advisory · Published Oct 15, 2022 · Updated Apr 15, 2025

SourceCodester Sanitization Management System User Creation cross site scripting

CVE-2022-3518

Description

A vulnerability classified as problematic has been found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the component User Creation Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-211014 is the identifier assigned to this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

XSS vulnerability in SourceCodester Sanitization Management System 1.0 via user creation form fields allows remote attackers to inject scripts.

Vulnerability

The SourceCodester Sanitization Management System 1.0 contains a cross-site scripting (XSS) vulnerability in the User Creation Handler. The First Name, Middle Name, and Last Name fields are not properly sanitized, allowing arbitrary HTML/JavaScript injection [1].

Exploitation

An attacker can remotely exploit this by crafting a payload in any of the name fields during user registration. No authentication is required, as the user creation form is accessible. The payload is stored and executed when an administrator views the user list [1].

Impact

Successful exploitation executes attacker-controlled scripts in the context of the administrator's browser, potentially leading to session hijacking, data theft, or defacement [1].

Mitigation

No official patch has been released as of the publication date. Users should sanitize input manually or restrict access to the user creation form until a fix is provided [1].

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.


References

2
