Ship Ferry Ticket Reservation System
Stored cross-site scripting in SourceCodester Ship Ferry Ticket Reservation System 1.0 allows a remote attacker with high-privilege (admin-level) access to inject persistent malicious JavaScript into the Username field of the user management panel at /admin/?page=user/manage_user, which then executes in the browser of any other privileged user who visits that page. The vulnerability carries a CVSS base score of only 2.4 because exploitation requires high privileges and user interaction, and the impact is limited to integrity, with no confidentiality or availability consequence. It was not identified as a KEV-confirmed threat at the time of analysis, but publicly available exploit code exists via a published Medium article and VulDB report.