| Title | code-projects Simple Car Rental System 1.0 Cross Site Scripting |
|---|---|
| Description | A Stored Cross-Site Scripting (Stored XSS) vulnerability was found in the /admin/add_vehicles.php file of code-projects Simple Car Rental System 1.0. This vulnerability exists because the application fails to adequately filter input submitted through the car_name parameter in /admin/add_cars.php, and also fails to apply proper HTML entity encoding when displaying that data on the /admin/add_vehicles.php page. This allows an attacker to inject malicious JavaScript code into the database. When other users (especially administrators) view the vehicle list, this malicious script will execute in their browser, potentially leading to consequences such as session hijacking, data theft, or the execution of unauthorized actions. |
| Source | https://github.com/i-Corner/cve/issues/13 |
| User | iC0rner (UID 82839) |
| Submission | 07/28/2025 15:21 (11 months ago) |
| Moderation | 07/30/2025 10:24 (2 days later) |
| Status | Accepted |
| VulDB entry | 318287 [code-projects Simple Car Rental System 1.0 /admin/add_vehicles.php car_name cross site scripting] |
| Points | 20 |