Cross Site Scripting Vulnerability Discovered in Online Railway Reservation System
CVE-2024-9299

5.4 MEDIUM

Key Information:

Vendor
CVE Published: 28 September 2024

Summary

A cross-site scripting (XSS) vulnerability exists in SourceCodester Online Railway Reservation System version 1.0. It is triggered by manipulating the First Name, Middle Name, or Last Name parameters of the page at the URL path /?page=reserve. The flaw lets an attacker run arbitrary JavaScript in the context of a victim's browser, which can lead to data theft, session hijacking, or defacement of the web application. Because the attack can be carried out remotely, it poses a significant risk to affected users and to the overall integrity of the system. The vulnerability has been publicly disclosed, which raises the likelihood of exploitation in real-world scenarios.
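As an added illustration (not the project's own code, which is assumed to be PHP), here is the pattern behind this class of bug beside its fix: a reservation form handler that reflects the submitted name fields back into the page unencoded, and a hardened version that validates and HTML-encodes them. The field names and the handler itself are hypothetical; only the page (`/?page=reserve`) and the three field labels come from the advisory.

```php
<?php
// Hypothetical reconstruction of the weak pattern: the reservation form
// echoes the submitted name fields straight back into the HTML. Any markup
// supplied in the parameter is rendered by the browser (reflected XSS).
function render_name_field_vulnerable(string $label, string $name, array $params): string
{
    $value = $params[$name] ?? '';
    return "<label>$label <input name=\"$name\" value=\"$value\"></label>";
}

// Hardened version, step 1: allow-list what a name may contain. Letters in
// any script, combining marks, spaces, apostrophes, hyphens and dots, at most
// 64 characters. Anything else is rejected rather than silently stripped.
function clean_name(string $value): string
{
    if (!preg_match("/^[\p{L}\p{M} .'-]{0,64}$/u", $value)) {
        return '';
    }
    return $value;
}

// Hardened version, step 2: HTML-encode on output, so whatever survives
// validation is displayed as text and never parsed as markup.
function render_name_field(string $label, string $name, array $params): string
{
    $value = clean_name($params[$name] ?? '');
    // ENT_QUOTES also encodes the single quote, so the value is safe in either
    // attribute-quoting style; ENT_SUBSTITUTE replaces invalid UTF-8 instead
    // of returning an empty string. Always state the charset explicitly.
    $safe      = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $safe_name = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<label>$label <input name=\"$safe_name\" value=\"$safe\"></label>";
}

// Rendering the three fields named in the advisory on the reserve page.
// The parameter names (first_name etc.) are assumed, not taken from the project.
if (($_GET['page'] ?? '') === 'reserve') {
    $fields = [
        'first_name'  => 'First Name',
        'middle_name' => 'Middle Name',
        'last_name'   => 'Last Name',
    ];
    foreach ($fields as $param => $label) {
        echo render_name_field($label, $param, $_GET), "\n";
    }
}
```

Output encoding is the control that closes the bug; the allow-list only narrows the input and is not a substitute for it. A Content-Security-Policy header that disallows inline script adds a second layer should an encoding gap remain elsewhere in the application.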

References

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published
