| عنوان | sourcecodester.com Simple Responsive Tourism Website 1.0 Cross Site Scripting |
|---|
| الوصف | A cross-site scripting (XSS) vulnerability exists in the `save_package` endpoint of the Simple Responsive Tourism Website version 1.0. The vulnerability is located in the `title` parameter within the `/tourism/classes/Master.php?f=save_package` script. Due to insufficient input validation and output encoding, an attacker can inject arbitrary JavaScript code via the `title` parameter. This malicious input is then reflected directly in the application's response without proper sanitization, leading to the execution of the injected script in the victim's browser context. Exploitation of this vulnerability allows attackers to steal sensitive information such as session cookies, perform actions on behalf of the victim, or deface the website. No authentication is required to exploit this vulnerability. |
|---|
| المصدر | ⚠️ https://github.com/CH0ico/CVE_choco_6 |
|---|
| المستخدم | Choco094late (UID 75875) |
|---|
| ارسال | 03/02/2026 10:52 AM (3 أشهر منذ) |
|---|
| الاعتدال | 07/02/2026 09:55 AM (4 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 344862 [SourceCodester Simple Responsive Tourism Website 1.0 Master.php?f=save_package عنوان البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|