| Field | Value |
|---|---|
| Title | SourceCodester Online Railway Reservation System 1.0 Cross Site Scripting |
| Description | A stored cross-site scripting vulnerability was discovered in SourceCodester's Online Railway Reservation System.<br>Vulnerable product: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html<br>The page contact_us.php lets customers send inquiries to the admin, but the insecure design of /admin/inquiries/index.php allows malicious JavaScript to be submitted through that form. Once the admin visits the inquiries page, the JavaScript runs in the admin's browser and can be used to steal the admin's cookies.<br>The index.php file is vulnerable to XSS: the `<?= ucwords($row['fullname']) ?>`, `<?= ($row['email']) ?>` and `<?= ($row['message']) ?>` snippets output user-supplied data directly, without sanitization or encoding.<br>Check more details in the advisory. |
| Source | https://github.com/gurudattch/CVEs/blob/main/Sourcecoderster-Online-Railway-Reservation-System-stored-xss.md |
| User | guru (UID 74056) |
| Submitted | 2024-09-23 01:45 PM (2 years ago) |
| Moderation | 2024-09-27 06:47 PM (4 days later) |
| Status | Accepted |
| VulDB Entry | 278794 [SourceCodester Online Railway Reservation System 1.0 Message Us Form contact_us.php fullname/email/message cross site scripting] |
| Points | 20 |
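As an added example (not code from the Online Railway Reservation System or from the advisory), the script below reproduces the three unencoded outputs named in the description and places the encoded version beside them. The `$rows` data and the `leaksRawMarkup` helper are constructed for illustration; in the real application the rows come from the inquiries query in /admin/inquiries/index.php.

```php
<?php
declare(strict_types=1);

// Added example: the admin inquiries listing rendered two ways. The first
// mirrors the unencoded short tags the advisory describes; the second encodes
// every user-controlled value at output time. $rows is constructed sample data.

/** Encode a value for insertion into HTML text or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/** Vulnerable rendering: equivalent to the template's raw <?= ... ?> outputs. */
function renderInquiryRowVulnerable(array $row): string
{
    return '<tr>'
        . '<td>' . ucwords($row['fullname']) . '</td>'   // <?= ucwords($row['fullname']) ?>
        . '<td>' . $row['email'] . '</td>'                // <?= ($row['email']) ?>
        . '<td>' . $row['message'] . '</td>'              // <?= ($row['message']) ?>
        . '</tr>';
}

/** Hardened rendering: the same columns, each passed through e() before output. */
function renderInquiryRowFixed(array $row): string
{
    // Encode after ucwords() so the browser only ever receives escaped text,
    // whatever the transformation did to the raw string.
    return '<tr>'
        . '<td>' . e(ucwords($row['fullname'])) . '</td>'
        . '<td>' . e($row['email']) . '</td>'
        . '<td>' . e($row['message']) . '</td>'
        . '</tr>';
}

/**
 * Detection helper (constructed for this example): true when a field that
 * contains markup reaches the rendered HTML verbatim, i.e. unencoded.
 */
function leaksRawMarkup(string $html, array $rows): bool
{
    foreach ($rows as $row) {
        foreach (['fullname', 'email', 'message'] as $field) {
            $raw = $row[$field];
            if ($raw !== strip_tags($raw) && str_contains($html, $raw)) {
                return true;
            }
        }
    }
    return false;
}

// Constructed sample rows: one ordinary inquiry and one carrying a script tag
// of the kind a stored XSS submission through contact_us.php would leave behind.
$rows = [
    ['fullname' => 'jane doe', 'email' => 'jane@example.com',
     'message'  => 'Is the 09:15 service running on Sunday?'],
    ['fullname' => '<script>alert("xss")</script>', 'email' => 'x@example.com',
     'message'  => 'Submitted via the Message Us form'],
];

$vulnerable = implode("\n", array_map('renderInquiryRowVulnerable', $rows));
$fixed      = implode("\n", array_map('renderInquiryRowFixed', $rows));

echo 'vulnerable leaks markup: ' . var_export(leaksRawMarkup($vulnerable, $rows), true) . PHP_EOL;
echo 'fixed leaks markup:      ' . var_export(leaksRawMarkup($fixed, $rows), true) . PHP_EOL;
echo $fixed . PHP_EOL;
```

Output encoding is the actual fix; because the description names cookie theft as the impact, marking the admin session cookie HttpOnly (for example via `session.cookie_httponly`) reduces what a successful injection can reach but does not remove the vulnerability.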