Vulnerability Details CVE-2021-42662
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.8%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- http://packetstormsecurity.com/files/164615/Online-Event-Booking-And-Reservation-System-1.0-Cross-Site-Scripting.html
- https://github.com/TheHackingRabbi/CVE-2021-42662
- https://www.exploit-db.com/exploits/50450
- https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html
- http://packetstormsecurity.com/files/164615/Online-Event-Booking-And-Reservation-System-1.0-Cross-Site-Scripting.html
- https://github.com/TheHackingRabbi/CVE-2021-42662
- https://www.exploit-db.com/exploits/50450
- https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html
Products affected by CVE-2021-42662
-
Online Event Booking And Reservation System Project » Online Event Booking And Reservation System » Version: 2.3.0cpe:2.3:a:online_event_booking_and_reservation_system_project:online_event_booking_and_reservation_system:2.3.0