CVE-2021-42663
published 2021-11-05CVE-2021-42663: An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to…
PriorityP430medium4.3CVSS 3.1
AVNACLPRNUIRSUCLINAN
EXPLOIT
EPSS
3.79%
88.6th percentile
An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link he will display the content of the HTML code of the attacker's choice.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| online_event_booking_and_reservation_system_project | online_event_booking_and_reservation_system | — | — |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Sourcecodester Online Event Booking and Reservation System 2.3.0 - Cross-Site Scripting
nuclei·CVSS 4.3
CVE-2021-42663 [MEDIUM] Sourcecodester Online Event Booking and Reservation System 2.3.0 - Cross-Site Scripting
Sourcecodester Online Event Booking and Reservation System 2.3.0 - Cross-Site Scripting
Sourcecodester Online Event Booking and Reservation System 2.3.0 contains a cross-site scripting vulnerability in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link, the content of the HTML code of the attacker's choice displays.
Template:
id: CVE-2021-42663
info:
name: Sourcecodester Online Event Booking and Reservation System 2.3.0 - Cross-Site Scripting
author: fxploit
severity: medium
description: |
Sourcecodester Online Event Booking and Reservation System 2.3.0 contains a cross-site scripting vulnerability in PHP/MySQL via the msg parameter to /
No writeups or analysis indexed.
2021-11-05
Published