| Название | sourcecodester.com Simple Responsive Tourism Website 1.0 Cross Site Scripting |
|---|
| Описание | A cross-site scripting (XSS) vulnerability exists in the `save_package` endpoint of the Simple Responsive Tourism Website version 1.0. The vulnerability is located in the `title` parameter within the `/tourism/classes/Master.php?f=save_package` script. Due to insufficient input validation and output encoding, an attacker can inject arbitrary JavaScript code via the `title` parameter. This malicious input is then reflected directly in the application's response without proper sanitization, leading to the execution of the injected script in the victim's browser context. Exploitation of this vulnerability allows attackers to steal sensitive information such as session cookies, perform actions on behalf of the victim, or deface the website. No authentication is required to exploit this vulnerability. |
|---|
| Источник | ⚠️ https://github.com/CH0ico/CVE_choco_6 |
|---|
| Пользователь | Choco094late (UID 75875) |
|---|
| Представление | 03.02.2026 10:52 (3 месяцы назад) |
|---|
| Модерация | 07.02.2026 09:55 (4 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 344862 [SourceCodester Simple Responsive Tourism Website 1.0 Master.php?f=save_package Название межсайтовый скриптинг] |
|---|
| Баллы | 20 |
|---|