| 제목 | Campcodes Online Movie Theater Seat Reservation System 1.0 Cross Site Scripting |
|---|
| 설명 | There is a Stored Cross-Site Scripting(XSS) vulnerability in the Online Movie Theater Seat Reservation System.
Source code address:https://www.campcodes.com/downloads/online-movie-theater-seat-reservation-system-in-php-mysql-source-code/
In this case, ANYONE can submit a reservation request through input fields. Since the inputs are not sanitized or escaped, an attacker can inject a malicious script into the request (e.g., <script>alert(document.cookie)</script>). When an admin opens the book page to check booking status, the script executes in their browser, potentially leading to: Cookie theft, Session hijacking, Unwanted actions performed on behalf of the admin. |
|---|
| 원천 | ⚠️ https://github.com/N1n3b9S/cve/issues/9 |
|---|
| 사용자 | Anonymous User |
|---|
| 제출 | 2025. 07. 17. PM 02:35 (9 개월 ago) |
|---|
| 모더레이션 | 2025. 07. 18. PM 09:36 (1 day later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 316941 [Campcodes Online Movie Theater Seat Reservation System 1.0 Reserve Your Seat Page /index.php?page=reserve Firstname/Lastname 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|