| Title | Campcodes Online Hotel Reservation System V1.0 Stored XSS |
|---|
| Description | Root Cause
The server fails to escape user input before rendering it to the browser, omitting the use of functions like `htmlspecialchars()`. As a result, HTML/JavaScript code submitted by users is interpreted and executed by the browser.
Impact
An attacker can execute arbitrary scripts, leading to:
- Allows attackers to inject JavaScript via chat messages
- Steal session cookies or authentication data
- Hijack user sessions or simulate user actions, etc.
Description
In Online Hotel Reservation System, adding a user from the /admin/account.php file calls the /admin/add_account.php file, which then calls the /admin/add_query_account.php file. After the form is submitted, the submitted data is processed by the add_query_account.php file without any filtering. An attacker can inject malicious HTML or JavaScript content, which will execute in other users' browsers when they view the page, resulting in a Cross-Site Scripting (XSS) attack. `chat_msg` `your_name` |
|---|
| Source | https://github.com/XiaoJiesecqwq/sql/issues/3 |
|---|
| User | Anonymous User |
|---|
| Submitted | 2025. 07. 29. PM 04:02 (11 months ago) |
|---|
| Moderation | 2025. 07. 30. PM 07:54 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 318358 [Campcodes Online Hotel Reservation System 1.0 add_query_account.php Name cross site scripting] |
|---|
| Points | 20 |
|---|
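
The root cause above (stored input rendered without `htmlspecialchars()`) is shown here as an added example; it is not code from the application or from the linked report. The `e()` helper, the two render functions, the `name` field and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: escape a value for HTML text and quoted-attribute contexts.
// Flags are passed explicitly because PHP versions before 8.1 default to
// ENT_COMPAT, which leaves single quotes unescaped.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Pattern the report describes: the stored value is concatenated into markup as-is.
function render_row_unescaped(array $account): string
{
    return '<tr><td>' . $account['name'] . '</td>'
         . '<td><input name="name" value="' . $account['name'] . '"></td></tr>';
}

// Corrected pattern: every stored value is escaped at the point of output.
function render_row_escaped(array $account): string
{
    return '<tr><td>' . e($account['name']) . '</td>'
         . '<td><input name="name" value="' . e($account['name']) . '"></td></tr>';
}

// Constructed sample rows standing in for values read back from the database.
$rows = [
    ['name' => 'Alice'],                      // ordinary value, unchanged by escaping
    ['name' => '<script>alert(1)</script>'],  // markup in an element-text context
    ['name' => '" onfocus="alert(1)'],        // quote that closes an attribute value
];

foreach ($rows as $row) {
    echo 'unescaped: ', render_row_unescaped($row), PHP_EOL;
    echo 'escaped:   ', render_row_escaped($row), PHP_EOL, PHP_EOL;
}
```

The third row shows why the quote flags matter: escaping only `<` and `>` would still let the value break out of the `value="..."` attribute.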