CVE-2021-42662

MEDIUM

Online Event Booking And Reservation System - XSS

Title source: rule

Description

A stored cross-site scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability to run JavaScript on behalf of users browsing the web server, which can lead to cookie stealing and more.

Exploits (3)

exploitdb WORKING POC
by Alon Leviev · text · webapps · php
https://www.exploit-db.com/exploits/50450
nomisec WORKING POC 2 stars
by 0xDeku · poc
https://github.com/0xDeku/CVE-2021-42662
inthewild WRITEUP
poc
https://github.com/thehackingrabbi/cve-2021-42662

Scores

CVSS v3 5.4
EPSS 0.0223
EPSS Percentile 84.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
online_event_booking_and_reservation_system_project/online_event_booking_and_reservation_system 2.3.0
Published Nov 05, 2021
Tracked Since Feb 18, 2026