| Title | sourcecodester.com Simple Responsive Tourism Website 1.0 Cross Site Scripting |
|---|---|
| Description | A cross-site scripting (XSS) vulnerability exists in the `register` functionality (`/tourism/classes/Master.php?f=register`) of Simple Responsive Tourism Website version 1.0. The vulnerability is caused by improper neutralization of user input in the `firstname` parameter (and potentially other parameters) during output. The application fails to adequately validate, filter, or encode user-supplied data before reflecting it back in the HTTP response. An unauthenticated remote attacker can exploit this vulnerability by injecting malicious JavaScript payloads into the `firstname` field (or other vulnerable fields). Successful exploitation allows the execution of arbitrary script code within the context of a victim's browser session. This can lead to session hijacking, theft of sensitive information (such as cookies or session tokens), defacement of the website, or redirection to malicious sites. The vulnerability poses a direct threat to user privacy and application security. |
| Source | https://github.com/CH0ico/CVE_choco_5 |
| User | Choco094late (UID 75875) |
| Submission | 02/03/2026 10:44 (3 months ago) |
| Moderation | 02/07/2026 09:55 (4 days later) |
| Status | Accepted |
| VulDB entry | 344861 [SourceCodester Simple Responsive Tourism Website 1.0 Registration Master.php?f=register firstname/lastname/username cross site scripting] |
| Points | 20 |