Submit #800121: code-projects Home Service System In PHP 1.0 Cross Site Scriptinginfo

Titlecode-projects Home Service System In PHP 1.0 Cross Site Scripting
DescriptionA stored cross-site scripting (XSS) vulnerability exists in the booking.php component of code-projects Home Service System In PHP 1.0. The fname and lname parameters are not properly sanitized before being stored and later rendered in the admin panel. This allows a remote unauthenticated attacker to inject malicious JavaScript which executes in the administrator's browser context. Successful exploitation leads to session cookie theft and complete administrative account takeover. Proof of concept and exploitation details have been publicly disclosed.
Source⚠️ https://github.com/Xmyronn/home-service-system-unauth-stored-xss-admin-takeover-code-project.org-.git
User
 imad alvi (UID 97088)
Submission04/08/2026 19:16 (3 months ago)
Moderation04/26/2026 10:22 (18 days later)
StatusAccepted
VulDB entry359664 [code-projects Home Service System 1.0 Appointment Booking /booking.php fname/lname cross site scripting]
Points20

Do you know our Splunk app?

Download it now for free!