PT-2024-31896 · Unknown · Sourcecodester Online Tours & Travels Management System
Nishar Shah · Published 2024-10-04 · Updated 2024-10-07
CVE-2024-46077
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
itsourcecode Online Tours and Travels Management System version 1.0
Description
The issue is related to Cross Site Scripting (XSS) that can be triggered by sending a crafted payload to specific parameters in the travellers.php file. The vulnerable parameters include val-username, val-email, val-suggestions, val-digits, and state name. This allows for potential malicious script execution.
Recommendations
For itsourcecode Online Tours and Travels Management System version 1.0, consider restricting access to the travellers.php file until a patch is available. As a temporary workaround, avoid using the parameters val-username, val-email, val-suggestions, val-digits, and state name in the travellers.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Affected Products
Sourcecodester Online Tours & Travels Management System