CVE-2024-57427

Name of the Vulnerable Software and Affected Versions: PHPJabbers Cinema Booking System version 2.0

Description: The issue concerns reflected cross-site scripting (XSS), where multiple endpoints improperly handle user input. This allows malicious scripts to execute in a victim's browser. Attackers can craft malicious links to steal session cookies or conduct phishing attacks.

Recommendations: For PHPJabbers Cinema Booking System version 2.0, consider disabling endpoints that improperly handle user input as a temporary workaround until a patch is available. Restrict access to sensitive user data to minimize the risk of exploitation. Avoid using user-input handling functions in affected endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.