| Title | sourcecodester.com Simple Responsive Tourism Website 1.0 Cross Site Scripting |
|---|---|
| Description | A cross-site scripting (XSS) vulnerability exists in the `register` functionality (`/tourism/classes/Master.php?f=register`) of Simple Responsive Tourism Website version 1.0. The vulnerability is caused by improper neutralization of user input in the `firstname` parameter (and potentially other parameters) during output. The application fails to adequately validate, filter, or encode user-supplied data before reflecting it back in the HTTP response. An unauthenticated remote attacker can exploit this vulnerability by injecting malicious JavaScript payloads into the `firstname` field (or other vulnerable fields). Successful exploitation allows the execution of arbitrary script code within the context of a victim's browser session. This can lead to session hijacking, theft of sensitive information (such as cookies or session tokens), defacement of the website, or redirection to malicious sites. The vulnerability poses a direct threat to user privacy and application security. |
| Source | ⚠️ https://github.com/CH0ico/CVE_choco_5 |
| User | Choco094late (UID 75875) |
| Submission | 03.02.2026 10:44 (3 months ago) |
| Moderation | 07.02.2026 09:55 (4 days later) |
| Status | Accepted |
| VulDB Entry | 344861 [SourceCodester Simple Responsive Tourism Website 1.0 Registration Master.php?f=register firstname/lastname/username Cross Site Scripting] |
| Points | 20 |