CVE Catalog

CVE-2023-3318

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.53%

41th percentile — higher than 41% of all known CVEs

Summary

A vulnerability was found in SourceCodester Resort Management System 1.0 that leads to cross-site scripting (XSS) attacks through manipulation of the 'page' argument. The attack can be launched remotely.

Risk Assessment

This vulnerability may allow attackers to inject malicious JavaScript code into the application, potentially leading to user data theft or session hijacking.

Recommendation

It is recommended to update the system to the latest version and implement appropriate input sanitization filters to prevent XSS attacks.

Original NVD description (English source)

A vulnerability was found in SourceCodester Resort Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231937 was assigned to this vulnerability.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS