| Title | SourceCodester Online Railway Reservation System 1.0 Cross Site Scripting |
|---|---|
| Description | A stored XSS vulnerability was discovered in SourceCodester's Online Railway Reservation System (Ticket Reservation).<br>Affected product: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html<br>Affected component: http://localhost/orrs/admin/?page=reservations<br>The page http://localhost/orrs/?page=reserve&sid=1 has functionality for a customer to make a ticket reservation, but the insecure design of http://localhost/orrs/admin/?page=reservations makes it vulnerable to malicious JavaScript code being sent. Once the admin visits the Reservations page, the JavaScript code gets executed and can be used to steal the admin's cookies.<br>For more details, check the advisory URL. |
| Source | ⚠️ https://github.com/gurudattch/CVEs/blob/main/Sourcecodster-Online-Railway-Reservation-StoredXSS-in-reservetion.md |
| User | guru (UID 74056) |
| Submission | 24/09/2024 07:19 (2 years ago) |
| Moderation | 27/09/2024 18:46 (3 days later) |
| Status | Accepted |
| VulDB entry | 278793 [SourceCodester Online Railway Reservation System 1.0 /?page=reserve First Name/Middle Name/Last Name cross site scripting] |
| Points | 20 |