Cross Site Scripting Vulnerability in SourceCodester Simple Responsive Tourism Website
CVE-2026-2159
Key Information:
- Vendor
Sourcecodester
- Vendor
- CVE Published:
- 8 February 2026
Badges
What is CVE-2026-2159?
A vulnerability has been identified in the SourceCodester Simple Responsive Tourism Website 1.0 affecting an unknown function in the Master.php file associated with the registration component. By manipulating the arguments such as firstname, lastname, or username, an attacker can execute cross site scripting (XSS) attacks remotely. This weakness allows for the potential execution of harmful scripts in the browser of unsuspecting users, which could lead to data theft or other malicious activities. The exploit has already been published, highlighting the urgency for users to apply necessary updates or patches to mitigate this risk.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
Simple Responsive Tourism Website 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved