CVE-2023-1030

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SourceCodester Online Boat Reservation System version 1.0

Description A vulnerability has been found in the file /boat/login.php of the component POST Parameter Handler. The manipulation of the argument un leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations For SourceCodester Online Boat Reservation System version 1.0, consider disabling the un argument in the /boat/login.php file as a temporary workaround until a patch is available. Restrict access to the POST Parameter Handler component to minimize the risk of exploitation. Avoid using the un argument in the affected API endpoint until the issue is resolved.

Exploit

Fix

Code Injection

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94CWE-79

Related Identifiers

CVE-2023-1030

Affected Products

Sourcecodester Online Hotel Reservation System

CVE-2023-1030

Weakness Enumeration

Related Identifiers

Affected Products

References · 8