Submission #832571: SourceCodester Ship/Ferry Ticket Reservation System 1.0 Cross Site Scripting

Title: SourceCodester Ship/Ferry Ticket Reservation System 1.0 Cross Site Scripting
Description: A Stored Cross-Site Scripting (Stored XSS) vulnerability exists in SourceCodester Ship/Ferry Ticket Reservation System 1.0 due to improper sanitization of user-supplied input in the username field. The application fails to properly validate and encode malicious client-side scripts before storing and rendering user-controlled content. During security testing, it was observed that crafted JavaScript payloads injected into the username field were successfully stored by the application and later executed when the affected content was rendered within the application interface. Because the malicious payload persists on the server, the vulnerability enables persistent execution of attacker-controlled JavaScript in the browser context of users viewing the affected functionality. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary JavaScript in a victim's browser, hijack authenticated sessions, perform unauthorized actions on behalf of users, manipulate application content, and access sensitive information. During testing, it was confirmed that the injected payload executed successfully after being stored in the vulnerable username field, leading to arbitrary JavaScript execution within the application context.
Source: https://medium.com/@hemantrajbhati5555/stored-cross-site-scripting-stored-xss-in-username-field-leads-to-arbitrary-javascript-execution-cd377841da30
User: Hemant Raj Bhati (UID 95613)
Submission: 2026. 05. 18. PM 05:44 (23 days ago)
Moderation: 2026. 06. 05. AM 10:17 (18 days later)
Status: Accepted
VulDB entry: 368880 [SourceCodester Ship Ferry Ticket Reservation System 1.0 manage_user username cross site scripting]
Points: 20
