Vendor: Online Railway Reservation System
By: Raj Nandi
CVSS: 3.1 MEDIUM
Vulnerability: Cross Site Scripting (XSS)
CWE: 79
Product Name: Online Railway Reservation System
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: CVE-2024-7815
CPE: codeastro:online_railway_reservation_system:1.0
Metasploit:
Other Scripts:
Platforms Tested: Any OS
2024

CodeAstro Online Railway Reservation System 1.0 – Cross Site Scripting (XSS)

A Cross-Site Scripting (XSS) vulnerability was found in CodeAstro Online Railway Reservation System version 1.0. This vulnerability allows attackers to insert and run malicious JavaScript code in the user's browser session.

Mitigation:

To mitigate this vulnerability, it is important to sanitize and validate all user inputs before displaying them on the website.

Exploit-DB raw data:

# Exploit Title: CodeAstro Online Railway Reservation System 1.0 - Cross Site Scripting (XSS)
# Date: 2024-08-15
# Exploit Author: Raj Nandi
# Vendor Homepage: https://codeastro.com/
# Software Link: https://codeastro.com/online-railway-reservation-system-in-php-with-source-code/
# Version: 1.0
# Tested on: Any OS
# CVE: CVE-2024-7815

## Description:
A Cross-Site Scripting (XSS) vulnerability exists in [Application
Name/Version]. This vulnerability allows an attacker to inject and execute
arbitrary JavaScript code within the context of the user's browser session.

## Proof of Concept (PoC):
1. Navigate to [vulnerable page or input field].
2. Input the following payload: `<script>alert(document.cookie)</script>`
3. Upon execution, the script will trigger and display the user's cookies
in an alert box.

## Mitigation:
To prevent this vulnerability, ensure that all user inputs are properly
sanitized and validated before being reflected back on the webpage.
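
The mitigation above, sketched in PHP as an added example; it is not code from the advisory or from the CodeAstro application. The advisory does not name the affected page or parameter, so the field `passenger_name` and every function name here are hypothetical.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern: request data concatenated into HTML unchanged, so the
// browser parses any markup it contains.
function render_unsafe(string $name): string
{
    return '<p>Passenger: ' . $name . '</p>';
}

// Encode for the HTML context at output time. ENT_QUOTES also covers
// single-quoted attribute values; ENT_SUBSTITUTE replaces invalid UTF-8.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: the same output with the value encoded.
function render_safe(string $name): string
{
    return '<p>Passenger: ' . e($name) . '</p>';
}

// Validation as a second layer: allow-list for a name field (assumed rule:
// letters, space, dot, apostrophe, hyphen, 1 to 64 characters).
function is_valid_name(string $name): bool
{
    return preg_match('/\A[\p{L} .\'-]{1,64}\z/u', $name) === 1;
}

// Defence in depth for the cookie read shown in the PoC: an HttpOnly session
// cookie is not exposed through document.cookie. Call before any output.
function start_hardened_session(): void
{
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,   // assumes the site is served over HTTPS
        'samesite' => 'Lax',
    ]);
    session_start();
}

// The payload quoted in the advisory, used as test input for the renderers.
$input = '<script>alert(document.cookie)</script>';
echo render_unsafe($input), PHP_EOL;   // markup reaches the page as-is
echo render_safe($input), PHP_EOL;     // markup is rendered as inert text
echo is_valid_name($input) ? 'accepted' : 'rejected', PHP_EOL;
```

Output encoding is the control that closes the hole; validation and the HttpOnly flag only reduce what gets stored and what an injected script could read.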