CVE-2021-42662

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
online_event_booking_and_reservation_system_projectonline_event_booking_and_reservation_system
2.3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/164615/Online-Event-Booking-And-Reservation-System-1.0-Cross-Site-Scripting.html
https://github.com/TheHackingRabbi/CVE-2021-42662
https://www.exploit-db.com/exploits/50450
https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html
http://packetstormsecurity.com/files/164615/Online-Event-Booking-And-Reservation-System-1.0-Cross-Site-Scripting.html
https://github.com/TheHackingRabbi/CVE-2021-42662
https://www.exploit-db.com/exploits/50450
https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html