CVE-2024-42763

Name of the Vulnerable Software and Affected Versions Kashipara Bus Ticket Reservation System version 1.0

Description A Reflected Cross Site Scripting (XSS) issue was found in the "/schedule.php" page, which allows remote attackers to execute arbitrary code via the bookingdate parameter. This enables attackers to inject malicious scripts into the webpage, potentially leading to unauthorized actions.

Recommendations For Kashipara Bus Ticket Reservation System version 1.0, as a temporary workaround, consider restricting access to the "/schedule.php" page or disabling the use of the bookingdate parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.