| Title | MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 Reflected XSS |
|---|---|
| Description | The Online College Event Hall Reservation System is vulnerable to a Reflected Cross-Site Scripting (XSS) attack in its `/admin/update-users.php` page. Attackers can exploit this by embedding an `img` tag with a JavaScript `onerror` event in the `id` parameter, as shown in the proof of concept. This flaw allows the execution of arbitrary JavaScript code in the context of the user's browser, emphasizing the necessity for input sanitization and encoding to mitigate XSS vulnerabilities and protect users' data. |
| Source | https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20update-users.php.md |
| User | nochizplz (UID 64302) |
| Submission | 03/08/2024 06:00 (2 years ago) |
| Moderation | 03/15/2024 17:29 (7 days later) |
| Status | Accepted |
| VulDB entry | 256970 [MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 /admin/update-users.php ID cross site scripting] |
| Points | 20 |