CVE-2023-3309
LowCVSS 3.5Exploitation Probability (EPSS)
Low risk39th percentile — higher than 39% of all known CVEs
Summary
A vulnerability was found in SourceCodester Resort Reservation System 1.0 that allows cross-site scripting (XSS) attacks through manipulation of the Cottage Number argument on the Manage Room Page.
Risk Assessment
An attacker can remotely exploit this vulnerability, potentially leading to user data theft or session hijacking.
Recommendation
It is recommended to update the system to the latest version and implement input validation to minimize the risk of XSS attacks.
Original NVD description (English source)
A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file ?page=rooms of the component Manage Room Page. The manipulation of the argument Cottage Number leads to cross site scripting. The attack can be launched remotely. The identifier VDB-231805 was assigned to this vulnerability.

