| 제목 | SourceCodester Online Railway Reservation System 1.0 Cross Site Scripting |
|---|
| 설명 | Stored XSS vulnerability was discovered in Sourcecodester's Online Railway Reservation System (Ticket Reservation)
Affected product: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html
Affected Component: http://localhost/orrs/admin/?page=reservations
The page http://localhost/orrs/?page=reserve&sid=1 has functionality to make a Ticket Reservation by customer, but the insecure design of http://localhost/orrs/admin/?page=reservations makes it vulnerable to send a malicious JavaScript code. Once the admin visits the Reservations page, the JavaScript code gets executed and can be used to steal the admin's cookies.
For more details Check Advisory URL |
|---|
| 원천 | ⚠️ https://github.com/gurudattch/CVEs/blob/main/Sourcecodster-Online-Railway-Reservation-StoredXSS-in-reservetion.md |
|---|
| 사용자 | guru (UID 74056) |
|---|
| 제출 | 2024. 09. 24. AM 07:19 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 09. 27. PM 06:46 (3 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 278793 [SourceCodester Online Railway Reservation System 1.0 /?page=reserve First Name/Middle Name/Last Name 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|