| Title | Campcodes Online Hotel Reservation System V1.0 Stored XSS |
|---|
| Description | Root Cause
The server fails to escape user input before rendering it to the browser, omitting the use of functions like htmlspecialchars(). As a result, HTML/JavaScript code submitted by users is interpreted and executed by the browser.
Impact
An attacker can execute arbitrary scripts, leading to:
Allows attackers to inject JavaScript via chat messages
Steal session cookies or authentication data
Hijack user sessions or simulate user actions, etc.
DESCRIPTION
Online Hotel Reservation System: when adding users through the /admin/account.php file, the /admin/add_account.php file is called and then the /admin/add_query_account.php file is called. After the form is submitted, the submitted data is processed by the add_query_account.php file without any filtering. An attacker can inject malicious HTML or JavaScript content, which will execute in other users' browsers when they view the page, resulting in a Cross-Site Scripting (XSS) attack. chat_msg your_name. |
|---|
| Source | ⚠️ https://github.com/XiaoJiesecqwq/sql/issues/3 |
|---|
| User | Anonymous User |
|---|
| Submission | 07/29/2025 16:02 (11 months ago) |
|---|
| Moderation | 07/30/2025 19:54 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 318358 [Campcodes Online Hotel Reservation System 1.0 add_query_account.php Name cross site scripting] |
|---|
| Points | 20 |
|---|
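
The root cause described above (a stored value rendered without htmlspecialchars()) is shown here as an added PHP example; it is not code from the Campcodes application or from the linked report. The function names, the `name` field and the sample rows are assumptions constructed for illustration.

```php
<?php
// Added illustration, not the application's code. $accounts stands in for rows
// read back from the database after the account form stored them unfiltered.
$accounts = [
    ['id' => 1, 'name' => 'Front Desk'],
    ['id' => 2, 'name' => '<script>alert(1)</script>'],   // constructed sample
    ['id' => 3, 'name' => '" onmouseover="alert(1)'],     // constructed sample
];

// Encode for HTML text and quoted-attribute contexts.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Pattern the report describes: the stored value is concatenated into markup as-is.
function render_row_unsafe(array $row): string
{
    return '<tr><td>' . $row['name'] . '</td>'
         . '<td><input type="text" name="name" value="' . $row['name'] . '"></td></tr>';
}

// Hardened form: every dynamic value is encoded at output time.
function render_row_safe(array $row): string
{
    return '<tr><td>' . e($row['name']) . '</td>'
         . '<td><input type="text" name="name" value="' . e($row['name']) . '"></td></tr>';
}

// Defence in depth on the write path (hypothetical rule): letters, digits,
// space, dot, apostrophe and hyphen only, 1 to 64 characters.
function validate_name(string $name): bool
{
    return (bool) preg_match('/\A[\p{L}\p{N} .\'-]{1,64}\z/u', $name);
}

foreach ($accounts as $row) {
    echo 'accepted on write: ', validate_name($row['name']) ? 'yes' : 'no', PHP_EOL;
    echo 'unsafe: ', render_row_unsafe($row), PHP_EOL;
    echo 'safe:   ', render_row_safe($row), PHP_EOL, PHP_EOL;
}
```

Encoding at output is what closes the hole; the validation check only narrows what can be stored in the first place.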