| Título | sourcecodester.com Simple Responsive Tourism Website 1.0 Cross Site Scripting |
|---|
| Descripción | A cross-site scripting (XSS) vulnerability exists in the `save_package` endpoint of the Simple Responsive Tourism Website version 1.0. The vulnerability is located in the `title` parameter within the `/tourism/classes/Master.php?f=save_package` script. Due to insufficient input validation and output encoding, an attacker can inject arbitrary JavaScript code via the `title` parameter. This malicious input is then reflected directly in the application's response without proper sanitization, leading to the execution of the injected script in the victim's browser context. Exploitation of this vulnerability allows attackers to steal sensitive information such as session cookies, perform actions on behalf of the victim, or deface the website. No authentication is required to exploit this vulnerability. |
|---|
| Fuente | ⚠️ https://github.com/CH0ico/CVE_choco_6 |
|---|
| Usuario | Choco094late (UID 75875) |
|---|
| Sumisión | 2026-02-03 10:52 (hace 3 meses) |
|---|
| Moderación | 2026-02-07 09:55 (4 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 344862 [SourceCodester Simple Responsive Tourism Website 1.0 Master.php?f=save_package Título secuencias de comandos en sitios cruzados] |
|---|
| Puntos | 20 |
|---|