CVE-2021-42662

Sažetak

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.

Reference

https://github.com/TheHackingRabbi/CVE-2021-42662
https://www.exploit-db.com/exploits/50450
https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html
http://packetstormsecurity.com/files/164615/Online-Event-Booking-And-Reservation-System-1.0-Cross-Site-Scripting.html

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

17-11-2021 - 03:34

Objavljeno

05-11-2021 - 11:15