CVE-2026-11338
LowCVSS 2.4Summary
A cross site scripting (XSS) vulnerability has been identified in SourceCodester Ship Ferry Ticket Reservation System version 1.0 in the user management function. Manipulating the 'Username' argument allows for remote exploitation.
Risk Assessment
This vulnerability could lead to user data theft and session hijacking, posing a serious threat to organizational security.
Recommendation
It is recommended to update the system to the latest version and implement input validation to minimize the risk of XSS attacks.
Original NVD description (English source)
A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage_user. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

