Submit #284939: PHPGurukul Tourism Management System 1.0 Stored Cross-Site Script

Title: PHPGurukul Tourism Management System 1.0 Stored Cross-Site Script
Description:

## Vulnerability Details

- Vulnerability Type: Stored Cross-Site Scripting
- Affected URL: http://localhost/Tourism-Management-System-PHP/tms/admin/user-bookings.php
- Exploited Parameter: http://localhost/Tourism-Management-System-PHP/tms/

**Vulnerability Description:** Stored XSS, also known as persistent XSS, occurs when an application stores malicious data from a user in a database, and this data is later displayed on a web page without proper validation or sanitization. In a blind type of stored XSS, the injected script is stored, and the payload is not immediately executed upon injection. Instead, the malicious script remains dormant in the database until it is displayed to another user, typically an administrator or other privileged user.

In this scenario, Tourism Management System **** is vulnerable to a cross-site scripting attack in "user-bookings.php" when an attacker enters a script payload in the "Full Name" field of the Sign Up form. When the admin logs in, visits the "Manage User" tab and clicks the "User Bookings" button to see the details, the XSS is triggered.
Source: https://drive.google.com/file/d/1ulzFlRqsex39dDUOFU2LbmphrQblSAwn/view?usp=drive_link
User: VishnuDev1 (ID 63087)
Submission: 02/20/2024 15:29 (3 months ago)
Moderation: 02/23/2024 09:18 (3 days later)
Status: Accepted
VulDB Entry: 254610
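
The mitigation for the pattern described above, shown as an added example that is not code from the application or the submission: a stored "Full Name" value rendered into an admin table with and without output encoding, plus an allow-list check at sign-up. The array keys, function names and sample rows are hypothetical and constructed for illustration.

```php
<?php
// Added example. Field names (fname, pkg) and helpers are hypothetical;
// they are not taken from the application's source.

// Constructed rows standing in for values saved by the sign-up form.
$rows = [
    ['fname' => 'Alice Example', 'pkg' => 'Hill Station Tour'],
    ['fname' => '<script>alert(1)</script>', 'pkg' => 'Coast "Deluxe" Tour'],
];

/** Encode a stored value for an HTML text or quoted-attribute context. */
function h(?string $value): string
{
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Pattern behind stored XSS: database value concatenated into markup. */
function renderRowUnsafe(array $row): string
{
    return '<tr><td>' . $row['fname'] . '</td><td>' . $row['pkg'] . '</td></tr>';
}

/** Hardened: every stored field is encoded at output time. */
function renderRowSafe(array $row): string
{
    return '<tr><td>' . h($row['fname']) . '</td><td>' . h($row['pkg']) . '</td></tr>';
}

/** Defense in depth at sign-up: allow letters, marks, spaces, . ' - only. */
function isValidFullName(string $name): bool
{
    return preg_match("/^[\\p{L}\\p{M} .'-]{1,100}$/u", $name) === 1;
}

foreach ($rows as $row) {
    echo 'valid name: ', isValidFullName($row['fname']) ? 'yes' : 'no', PHP_EOL;
    echo 'unsafe:     ', renderRowUnsafe($row), PHP_EOL;
    echo 'safe:       ', renderRowSafe($row), PHP_EOL, PHP_EOL;
}
```

Output encoding is the control that matters here, because rows already stored before any input validation was introduced are still rendered by the admin page.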
