PT-2026-6991 · Sourcecodester · Simple Responsive Tourism Website
Choco094Late
·
Published
2026-02-08
·
Updated
2026-02-08
·
CVE-2026-2160
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SourceCodester Simple Responsive Tourism Website version 1.0
Description
A flaw exists in SourceCodester Simple Responsive Tourism Website that allows for cross site scripting. This issue is triggered through manipulation of the
Title argument in the file /tourism/classes/Master.php?f=save package. The attack can be launched remotely. The exploit details have been publicly released.Recommendations
Apply any available updates to address the issue in the affected file
/tourism/classes/Master.php?f=save package.
As a temporary workaround, consider sanitizing the Title input to prevent the injection of malicious scripts.Exploit
Fix
XSS
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Simple Responsive Tourism Website