| Title | SourceCodester Resort Reservation System 1 Cross Site Scripting |
|---|
| Description | A stored cross-site scripting (XSS) vulnerability exists in the Reservation Management module of the SourceCodester Resort Reservation System (PHP + SQLite). The application fails to properly sanitize and encode user-supplied input in reservation fields such as Fullname and Remarks. Malicious JavaScript injected into these fields is stored in the database and executed when rendered in administrative pages, potentially leading to session hijacking and privilege escalation. |
|---|
| Source | ⚠️ https://medium.com/@rvpipalwa/stored-cross-site-scripting-xss-in-reservation-management-sourcecodester-resort-reservation-894ee77d7312 |
|---|
| User | rvpipalwa (UID 93501) |
|---|
| Submission | 02/28/2026 11:14 (2 months ago) |
|---|
| Moderation | 03/08/2026 18:43 (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 349785 [SourceCodester Resort Reservation System 1.0 Reservation Management ?page=manage_reservation ID cross site scripting] |
|---|
| Points | 20 |
|---|