CVE-2021-46074 Exploit Title: Vehicle Service Management System – ‘Settings’ Stored Cross Site Scripting (XSS)Exploit Author: P.L.SanuCVE: CVE-2021-46074CVSS: 4.8 MEDIUMReferences:https://www.plsanu.com/vehicle-service-management-system-settings-stored-cross-site-scripting-xsshttps://nvd.nist.gov/vuln/detail/CVE-2021-46074https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46074 Description:A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login panel. Exploit:1. Login to the admin panel http://localhost/vehicle_service/admin2. Navigate to Settings section http://localhost/vehicle_service/admin/?page=system_info3. Inject the … Continue reading Vehicle Service Management System – ‘Settings’ Stored Cross Site Scripting (XSS)