What is CVE-2026-5209?

CVE-2026-5209 is a low-severity vulnerability in Sourcecodester Leave Application System, classified under Cross-site Scripting. CVSS score: 2.4/10. Published 2026-03-31.

How severe is CVE-2026-5209?

Low severity. CVSS v3 base score is 2.4 out of 10.

RCE in Sourcecodester Leave Application System

CVE-2026-5209

A security vulnerability has been detected in SourceCodester Leave Application System 1.0. Affected by this issue is some unknown functionality of the component User Management Handler. Such manipulation leads to cross site scripting. The…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (1.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.4 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N.

Affected products

Sourcecodester Leave Application System — versions 1.0

Weakness classification (CWE)

References

VDB-354345 | SourceCodester Leave Application System User Management cross site scripting (vdb-entry)
VDB-354345 | CTI Indicators (IOB, IOC, TTP) (signature, permissions-required)
Submit #780417 | SourceCodester Leave Application System in PHP and SQLite3 1.0 Cross Site Scripting (third-party-advisory)
cna@vuldb.com (exploit, broken-link)
cna@vuldb.com (product)

Frequently asked questions

What is CVE-2026-5209?: CVE-2026-5209 is a low-severity vulnerability in Sourcecodester Leave Application System, classified under Cross-site Scripting. CVSS score: 2.4/10. Published 2026-03-31.
How severe is CVE-2026-5209?: Low severity. CVSS v3 base score is 2.4 out of 10.