CVE Catalog

CVE-2023-3309

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.50%

39th percentile — higher than 39% of all known CVEs

Summary

A vulnerability was found in SourceCodester Resort Reservation System 1.0 that allows cross-site scripting (XSS) attacks through manipulation of the Cottage Number argument on the Manage Room Page.

Risk Assessment

An attacker can remotely exploit this vulnerability, potentially leading to user data theft or session hijacking.

Recommendation

It is recommended to update the system to the latest version and implement input validation to minimize the risk of XSS attacks.

Original NVD description (English source)

A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file ?page=rooms of the component Manage Room Page. The manipulation of the argument Cottage Number leads to cross site scripting. The attack can be launched remotely. The identifier VDB-231805 was assigned to this vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS