| Title | sourcecodester.com Simple Responsive Tourism Website 1.0 Cross Site Scripting |
|---|---|
| Description | A cross-site scripting (XSS) vulnerability exists in the `save_package` endpoint of the Simple Responsive Tourism Website version 1.0. The vulnerability is located in the `title` parameter within the `/tourism/classes/Master.php?f=save_package` script. Due to insufficient input validation and output encoding, an attacker can inject arbitrary JavaScript code via the `title` parameter. This malicious input is then reflected directly in the application's response without proper sanitization, leading to the execution of the injected script in the victim's browser context. Exploitation of this vulnerability allows attackers to steal sensitive information such as session cookies, perform actions on behalf of the victim, or deface the website. No authentication is required to exploit this vulnerability. |
| Source | ⚠️ https://github.com/CH0ico/CVE_choco_6 |
| User | Choco094late (UID 75875) |
| Submission | 2026-02-03 10:52 AM (3 months ago) |
| Moderation | 2026-02-07 09:55 AM (4 days later) |
| Status | Accepted |
| VulDB entry | 344862 [SourceCodester Simple Responsive Tourism Website 1.0 Master.php?f=save_package title cross site scripting] |
| Points | 20 |