| Title | code-projects Online Bike Rental 1.0 Cross Site Scripting |
|---|
| Description | In the 'vehical-details.php' file, in the path '/bikerental/vehical-details.php' an unrestricted Cross-Site Scripting (XSS) vulnerability and injection attacks exist in the "Online Bike Rental" system, specifically targeting the 'vehical-details.php?' parameter. The function executes the user-supplied parameter without validation. Malicious attackers can leverage this vulnerability to access sensitive client information.
script: /bikerental/vehical-details.php?r2llk'-alert(1)-'h7d6km9w2ig=1 |
|---|
| Source | ⚠️ https://code-projects.org/online-bike-rental-system-using-php-source-code/ |
|---|
| User | Havook (UID 71104) |
|---|
| Submission | 07.01.2025 01:52 (vor 4 Monaten) |
|---|
| Moderation | 08.01.2025 18:38 (2 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Entry | 290826 [code-projects Online Bike Rental 1.0 HTTP GET Request /vehical-details.php Cross Site Scripting] |
|---|
| Points | 20 |
|---|