{"api_version":"1","generated_at":"2026-07-07T22:12:59+00:00","cve":"CVE-2023-36159","urls":{"html":"https://cve.report/CVE-2023-36159","api":"https://cve.report/api/cve/CVE-2023-36159.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-36159","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-36159"},"summary":{"title":"CVE-2023-36159","description":"Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page.","state":"PUBLISHED","assigner":"mitre","published_at":"2023-08-04 00:15:13","updated_at":"2026-07-05 01:18:41"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"6.1","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"}}],"references":[{"url":"https://cyberredteam.tech/posts/cve-2023-36159/","name":"https://cyberredteam.tech/posts/cve-2023-36159/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Lost and Found Information System- Multiple stored XSS | Cryptex Hackscape","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://lost.com","name":"http://lost.com","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Not Applicable"],"title":"Premium Domain Broker - DNX.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html","name":"https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"],"title":"Lost and Found Information System using PHP and MySQL DB Source Code Free Download | Free Source Code Projects and Tutorials","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-36159","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36159","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"36159","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oretnom23","cpe5":"lost_and_found_information_system","cpe6":"1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2023","cve_id":"36159","cve":"CVE-2023-36159","epss":"0.006450000","percentile":"0.464770000","score_date":"2026-07-06","updated_at":"2026-07-07 00:05:14"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-02T16:37:41.395Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_transferred"],"url":"https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html"},{"tags":["x_transferred"],"url":"http://lost.com"},{"tags":["x_transferred"],"url":"https://cyberredteam.tech/posts/cve-2023-36159/"}],"title":"CVE Program Container"},{"metrics":[{"other":{"content":{"id":"CVE-2023-36159","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2024-10-17T16:16:37.375259Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2024-10-17T16:16:47.262Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2026-07-05T00:26:14.794Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"url":"https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html"},{"url":"https://cyberredteam.tech/posts/cve-2023-36159/"}]}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2023-36159","datePublished":"2023-08-03T00:00:00.000Z","dateReserved":"2023-06-21T00:00:00.000Z","dateUpdated":"2026-07-05T00:26:14.794Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2023-08-04 00:15:13","lastModifiedDate":"2026-07-05 01:18:41","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-10-17T16:16:37.375259Z","id":"CVE-2023-36159","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oretnom23:lost_and_found_information_system:1.0:*:*:*:*:*:*:*","matchCriteriaId":"14CF403B-DF0C-4796-8B10-689075DC8A35"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2023","CveId":"36159","Ordinal":"1","Title":"CVE-2023-36159","CVE":"CVE-2023-36159","Year":"2023"},"notes":[{"CveYear":"2023","CveId":"36159","Ordinal":"1","NoteData":"Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page.","Type":"Description","Title":"CVE-2023-36159"}]}}}