{"api_version":"1","generated_at":"2026-04-25T18:00:54+00:00","cve":"CVE-2023-36158","urls":{"html":"https://cve.report/CVE-2023-36158","api":"https://cve.report/api/cve/CVE-2023-36158.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-36158","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-36158"},"summary":{"title":"CVE-2023-36158","description":"Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-08-04 00:15:00","updated_at":"2023-08-08 19:00:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://www.sourcecodester.com/php/15304/toll-tax-management-system-phpoop-free-source-code.html","name":"https://www.sourcecodester.com/php/15304/toll-tax-management-system-phpoop-free-source-code.html","refsource":"MISC","tags":[],"title":"Toll Tax Management System in PHP/OOP Free Source Code | Free Source Code Projects and Tutorials","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://toll.com","name":"http://toll.com","refsource":"MISC","tags":[],"title":"toll.com is for sale | www.oxley.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://cyberredteam.tech/posts/cve-2023-36158/","name":"https://cyberredteam.tech/posts/cve-2023-36158/","refsource":"MISC","tags":[],"title":"Toll Tax Management System - Multiple stored XSS | Cryptex Hackscape","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/unknown00759/CVE-2023-36158/blob/main/CVE-2023-36158.md","name":"https://github.com/unknown00759/CVE-2023-36158/blob/main/CVE-2023-36158.md","refsource":"MISC","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-36158","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36158","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"36158","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"toll_tax_management_system_project","cpe5":"toll_tax_management_system","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2023-36158","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"http://toll.com","refsource":"MISC","name":"http://toll.com"},{"url":"https://www.sourcecodester.com/php/15304/toll-tax-management-system-phpoop-free-source-code.html","refsource":"MISC","name":"https://www.sourcecodester.com/php/15304/toll-tax-management-system-phpoop-free-source-code.html"},{"refsource":"MISC","name":"https://cyberredteam.tech/posts/cve-2023-36158/","url":"https://cyberredteam.tech/posts/cve-2023-36158/"},{"refsource":"MISC","name":"https://github.com/unknown00759/CVE-2023-36158/blob/main/CVE-2023-36158.md","url":"https://github.com/unknown00759/CVE-2023-36158/blob/main/CVE-2023-36158.md"}]}},"nvd":{"publishedDate":"2023-08-04 00:15:00","lastModifiedDate":"2023-08-08 19:00:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:toll_tax_management_system_project:toll_tax_management_system:1.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}