SourceCodester Royale Event Management System 1.0 companyprofile.php companyname/regno/companyaddress/companyemail cross site scripting
A vulnerability classified as problematic has been found in SourceCodester Royale Event Management System 1.0. Affected is an unknown function of the file /royal_event/companyprofile.php. Manipulation of the argument companyname/regno/companyaddress/companyemail leads to cross-site scripting. The weakness is classified as CWE-79. It was disclosed on 03/26/2022. The advisory is available at sourcecodester.com. This vulnerability is tracked as CVE-2022-1102. The attack can be launched remotely. Technical details are available. Furthermore, there is an exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1059.007 by the MITRE ATT&CK project. It is declared as proof-of-concept. As a 0-day, the estimated underground price was around $0-$5k. A possible mitigation was published before, and not just after, the disclosure of the vulnerability.