Submit #832571: SourceCodester Ship/Ferry Ticket Reservation System 1.0 Cross Site Scripting

Title: SourceCodester Ship/Ferry Ticket Reservation System 1.0 Cross Site Scripting
Description: A Stored Cross-Site Scripting (Stored XSS) vulnerability exists in SourceCodester Ship/Ferry Ticket Reservation System 1.0 due to improper sanitization of user-supplied input in the username field. The application fails to properly validate and encode malicious client-side scripts before storing and rendering user-controlled content. During security testing, it was observed that crafted JavaScript payloads injected into the username field were successfully stored by the application and later executed when the affected content was rendered within the application interface. Because the malicious payload persists on the server, the vulnerability enables persistent execution of attacker-controlled JavaScript in the browser context of users viewing the affected functionality. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary JavaScript in a victim's browser, hijack authenticated sessions, perform unauthorized actions on behalf of users, manipulate application content, and access sensitive information. During testing, it was confirmed that the injected payload executed successfully after being stored in the vulnerable username field, leading to arbitrary JavaScript execution within the application context.
Source: https://medium.com/@hemantrajbhati5555/stored-cross-site-scripting-stored-xss-in-username-field-leads-to-arbitrary-javascript-execution-cd377841da30
User: Hemant Raj Bhati (UID 95613)
Submission: 05/18/2026 17:44 (23 days ago)
Moderation: 06/05/2026 10:17 (18 days later)
Status: Accepted
VulDB entry: 368880 [SourceCodester Ship Ferry Ticket Reservation System 1.0 manage_user Username cross site scripting]
Points: 20
