Submit #412842: SourceCodester Online Railway Reservation System 1.0 Cross Site Scripting
| Title | SourceCodester Online Railway Reservation System 1.0 Cross Site Scripting |
|---|---|
| Description | Stored XSS vulnerability was discovered in Sourcecodester's Online Railway Reservation System (Ticket Reservation) Affected product: https://www.sourcecodester.com/php/15121/online-railway-reservation-system-phpoop-project-free-source-code.html Affected Component: http://localhost/orrs/admin/?page=reservations The page http://localhost/orrs/?page=reserve&sid=1 has functionality to make a Ticket Reservation by customer, but the insecure design of http://localhost/orrs/admin/?page=reservations makes it vulnerable to send a malicious JavaScript code. Once the admin visits the Reservations page, the JavaScript code gets executed and can be used to steal the admin's cookies. For more details Check Advisory URL |
| Source | ⚠️ https:/ |
| User | guru (UID 74056) |
| Submission | 09/24/2024 07:19 (2 years ago) |
| Moderation | 09/27/2024 18:46 (3 days later) |
| Status | Accepted |
| VulDB entry | 278793 [SourceCodester Online Railway Reservation System 1.0 /?page=reserve First Name/Middle Name/Last Name cross site scripting] |
| Points | 20 |