| タイトル | sourcecodester.com Simple Responsive Tourism Website 1.0 Cross Site Scripting |
|---|
| 説明 | A cross-site scripting (XSS) vulnerability exists in the `save_package` endpoint of the Simple Responsive Tourism Website version 1.0. The vulnerability is located in the `title` parameter within the `/tourism/classes/Master.php?f=save_package` script. Due to insufficient input validation and output encoding, an attacker can inject arbitrary JavaScript code via the `title` parameter. This malicious input is then reflected directly in the application's response without proper sanitization, leading to the execution of the injected script in the victim's browser context. Exploitation of this vulnerability allows attackers to steal sensitive information such as session cookies, perform actions on behalf of the victim, or deface the website. No authentication is required to exploit this vulnerability. |
|---|
| ソース | ⚠️ https://github.com/CH0ico/CVE_choco_6 |
|---|
| ユーザー | Choco094late (UID 75875) |
|---|
| 送信 | 2026年02月03日 10:52 (3 月 ago) |
|---|
| モデレーション | 2026年02月07日 09:55 (4 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 344862 [SourceCodester Simple Responsive Tourism Website 1.0 Master.php?f=save_package タイトル クロスサイトスクリプティング] |
|---|
| ポイント | 20 |
|---|