Cross Site Scripting (XSS) in Best House Rental Management System v1.0

CVE-2024-40576

Cross Site Scripting (XSS) in Best House Rental Management System v1.0

Exploit Author: Jubilian Ho Hong Yi
Vendor Homepage: https://www.sourcecodester.com/php/17375/best-courier-management-system-project-php.html
Software Link: https://www.sourcecodester.com/download-code?nid=17375&title=Best+house+rental+management+system+project+in+php+
Version: 1.0
Tested on: Windows 11, PHP 8.2.4, Apache 2.4.56

Description

Cross Site Scripting Vulnerability in Best House Rental Management System v1.0 allows an attacker to execute arbitrary code via the "House No" and "Description" fields in the houses page at index.php

Proof of Concept (PoC)

Payload(s)

<script>alert(1);</script>
<script>alert(document.cookie);</script>

Impact / Implications

Attackers can inject HTML or JavaScript codes that reflect at anyone who visits the page.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cross Site Scripting (XSS) in Best House Rental Management System v1.0

Package

Affected versions

Patched versions

Description

CVE-2024-40576

Cross Site Scripting (XSS) in Best House Rental Management System v1.0

Description

Proof of Concept (PoC)

Payload(s)

Impact / Implications

Severity

CVE ID

Weaknesses

Credits