CVE-2021-42223

MEDIUM

Online DJ Booking Management System 1.0 - Cross-Site Scripting in view-booking-detail.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-42223. PoCs published by Yash Mahajan.

AI-analyzed exploit summary This exploit demonstrates a blind XSS vulnerability in Online DJ Booking Management System 1.0, where malicious scripts are injected into form fields and executed when an admin views booking details.

Description

Cross Site Scripting (XSS).vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php.

Exploits (1)

exploitdb WORKING POC

by Yash Mahajan · textwebappsphp

https://www.exploit-db.com/exploits/50386

View Code ZIP pw:eip

This exploit demonstrates a blind XSS vulnerability in Online DJ Booking Management System 1.0, where malicious scripts are injected into form fields and executed when an admin views booking details.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Online DJ Booking Management System 1.0

No auth needed

Prerequisites: Access to the booking form · Admin interaction to view booking details

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/50386

Scores

CVSS v3 6.1

EPSS 0.0079

EPSS Percentile 51.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

phpgurukul/online_dj_booking_management_system 1.0

Published Oct 13, 2021

Tracked Since Feb 18, 2026