VYPR
Medium severity 4.3 · NVD Advisory · Published Apr 5, 2026 · Updated Apr 29, 2026

CVE-2026-5541

Description

A vulnerability was found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /modmemberinfo.php of the component Parameter Handler. Performing a manipulation of the argument userid results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could be used.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting in code-projects Simple Laundry System 1.0 via userid parameter in /modmemberinfo.php, exploitable remotely without authentication.

A cross-site scripting (XSS) vulnerability exists in code-projects Simple Laundry System 1.0, specifically in the /modmemberinfo.php file. The userid parameter is taken from the HTTP request and directly rendered into the web page without proper encoding or sanitization, allowing attackers to inject arbitrary HTML or JavaScript [1].

Attackers can trigger the vulnerability remotely by crafting a malicious URL containing a payload in the userid parameter. No authentication is required to exploit this flaw, and public proof-of-concept code using `` has been released [1].

Successful exploitation enables an attacker to execute arbitrary scripts in the victim's browser session. This can lead to cookie theft, session hijacking, defacement, or redirection to malicious sites, potentially compromising user accounts and privacy [1].

As of the advisory, no patch has been released; users are advised to apply output encoding to the userid parameter or restrict access to the vulnerable file until an official update is available [1].
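The output-encoding mitigation described above, sketched as an added example in PHP 8. This is not the Simple Laundry System source, which the advisory does not show. The function names and markup are hypothetical, and treating userid as a positive integer key is an assumption.

```php
<?php
declare(strict_types=1);

// Added illustration; function names and markup are hypothetical.
// Pattern the advisory describes: the request value is written into the
// page as-is, e.g. echo $_GET['userid'];

/** Encode untrusted text for an HTML element body or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Assumption: userid is a positive integer key (at most 9 digits). */
function parse_userid(mixed $raw): ?int
{
    // Rejects arrays (userid[]=...), empty strings, signs, whitespace, markup.
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

/** Build the fragment that reflects userid, validating first and encoding at output. */
function render_member_view(array $query): string
{
    $raw = $query['userid'] ?? null;
    $userid = parse_userid($raw);
    if ($userid === null) {
        http_response_code(400);
        // Error paths reflect input too, so they get the same encoding.
        $shown = is_string($raw) ? h($raw) : '';
        return '<p>Invalid member id: ' . $shown . '</p>';
    }
    // Encode even after validation so the sink stays safe if validation changes.
    return '<input type="hidden" name="userid" value="' . h((string) $userid) . '">';
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs: one valid id, one containing markup characters.
    foreach (['42', '42"><b>x</b>'] as $sample) {
        echo render_member_view(['userid' => $sample]), PHP_EOL;
    }
}
```

`htmlspecialchars` covers HTML body and quoted-attribute contexts only; a value written into a script block or a URL needs the encoder for that context instead.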

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

5
