| Title | SourceCodester Resort Reservation System 1 Cross Site Scripting |
|---|---|
| Description | A stored cross-site scripting (XSS) vulnerability exists in the Reservation Management module of the SourceCodester Resort Reservation System (PHP + SQLite). The application fails to properly sanitize and encode user-supplied input in reservation fields such as Fullname and Remarks. Malicious JavaScript injected into these fields is stored in the database and executed when rendered in administrative pages, potentially leading to session hijacking and privilege escalation. |
| Source | ⚠️ https://medium.com/@rvpipalwa/stored-cross-site-scripting-xss-in-reservation-management-sourcecodester-resort-reservation-894ee77d7312 |
| User | rvpipalwa (UID 93501) |
| Submission | 28/02/2026 11:14 AM (2 months ago) |
| Moderation | 08/03/2026 06:43 PM (8 days later) |
| Status | Accepted |
| VulDB Entry | 349785 [SourceCodester Resort Reservation System 1.0 Reservation Management ?page=manage_reservation cross site scripting] |
| Points | 20 |