Submit #624842: Campcodes Online Hotel Reservation System V1.0 Stored XSS info

Title: Campcodes Online Hotel Reservation System V1.0 Stored XSS
Description:
Root Cause
The server fails to escape user input before rendering it to the browser, omitting the use of functions like htmlspecialchars(). As a result, HTML/JavaScript code submitted by users is interpreted and executed by the browser.

Impact
An attacker can execute arbitrary scripts leading to:
- Allows attackers to inject JavaScript via chat messages
- Steal session cookies or authentication data
- Hijack user sessions or simulate user actions, etc.

DESCRIPTION
Online Hotel Reservation System
When adding users to the /admin/account.php file, call the /admin/add_account.php file and then call the /admin/add_query_account.php file. After submitting the form, the submitted data is processed by the add_query_account.php file without any filtering. An attacker can inject malicious HTML or JavaScript content, which will execute in other users' browsers when they view the page, resulting in a Cross-Site Scripting (XSS) attack.
chat_msg your_name.
Source: ⚠️ https://github.com/XiaoJiesecqwq/sql/issues/3
User: Anonymous User
Submission: 29/07/2025 16:02 (11 months ago)
Moderation: 30/07/2025 19:54 (1 day later)
Status: Accepted
VulDB entry: 318358 [Campcodes Online Hotel Reservation System 1.0 add_query_account.php Nome cross site scripting]
Points: 20
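
The root cause named in the description, shown as an added example (not code from the reported application or from the submitter): a stored account field written into HTML without and with htmlspecialchars(). The function names, the array keys and the sample row are hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration: e(), render_row_*() and the row keys are hypothetical
// and are not taken from add_query_account.php.

// Escape a stored value for HTML text and quoted-attribute contexts.
function e(?string $value): string
{
    // ENT_QUOTES escapes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: the stored value reaches the page verbatim, so the browser
// parses it as markup.
function render_row_unescaped(array $row): string
{
    return '<tr><td>' . $row['name'] . '</td>'
         . '<td><input name="username" value="' . $row['username'] . '"></td></tr>';
}

// After: every stored value is escaped at the point of output, so it is
// displayed as text and cannot close the tag or the attribute it sits in.
function render_row_escaped(array $row): string
{
    return '<tr><td>' . e($row['name']) . '</td>'
         . '<td><input name="username" value="' . e($row['username']) . '"></td></tr>';
}

// Constructed sample row, standing in for an account saved without filtering.
$row = [
    'name'     => '<script>alert(1)</script>',
    'username' => 'front"desk',
];

echo "unescaped: ", render_row_unescaped($row), "\n";
echo "escaped:   ", render_row_escaped($row), "\n";
```

Escaping at output time also neutralises rows that were stored before the fix was deployed.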
