A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Zoo Management System v1.0. The vulnerability is located in the login page, specifically within the msg parameter. The app

Description

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Zoo Management System v1.0. The vulnerability is located in the login page, specifically within the msg parameter. The application reflects the content of the msg parameter back to the user without proper HTML encoding or sanitization. This allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Affected Products

Vendor	Product	Versions
SourceCodester	Zoo Management System	1.0

References

https://github.com/meifukun/Web-Security-PoCs/blob/main/Zoo-Management-System/Reflected-XSS-Login-msg.md

Related News (1 articles)

Tier C

VulDB20h ago

CVE-2026-30526 | SourceCodester Zoo Management System 1.0 msg cross site scripting (EUVD-2026-17899)

→ No new info (linked only)

CVSS 3.16.1 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA KEV❌ No

Actively exploited❌ No

CWECWE-79

PublishedApr 1, 2026

Last enriched15h agov2

Trending Score21

Source articles1

Independent1

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

Version History

Last enriched 15h ago

v2Tier C15h ago

Updated vendor and product information, changed severity to HIGH, and clarified exploit availability.

vendorproductaffectedVersions

via VulDB

v117h ago

Initial creation

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Zoo Management System v1.0. The vulnerability is located in the login page, specifically within the msg parameter. The app

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (4)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History