CVE-2021-42663

MEDIUM NUCLEI

Sourcecodester Online Event Booking and Reservation System - HTML Injection via msg Parameter

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-42663. PoCs published by 0xDeku. A Nuclei detection template is also available.

AI-analyzed exploit summary: This repository contains a writeup describing an HTML injection vulnerability (CVE-2021-42663) in the Online Event Booking and Reservation System version 2.3.0. The vulnerability allows an attacker to inject arbitrary HTML code via the 'msg' parameter in the 'index.php' page.

Description

An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability to change how the website appears. Once the target user clicks on a given link, the page displays HTML content of the attacker's choice.

Exploits (2)

nomisec WRITEUP 1 stars
by 0xDeku · poc
https://github.com/0xDeku/CVE-2021-42663

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Online Event Booking and Reservation System version 2.3.0
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

inthewild WRITEUP
poc
https://github.com/thehackingrabbi/cve-2021-42663

The repository provides a technical description of an HTML injection vulnerability in the Online Event Booking and Reservation System version 2.3.0, detailing the affected components, vulnerable parameters, and steps to exploit it. It includes a proof-of-concept payload and references to CVE databases.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Online Event Booking and Reservation System version 2.3.0
No auth needed
Prerequisites: Access to the vulnerable URL with the 'msg' parameter
devstral-2 · analyzed Feb 23, 2026

Nuclei Templates (1)

Sourcecodester Online Event Booking and Reservation System 2.3.0 - Cross-Site Scripting
MEDIUM · VERIFIED · by fxploit

References (2)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/TheHackingRabbi/CVE-2021-42663

Scores

CVSS v3 4.3
EPSS 0.3798
EPSS Percentile 97.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Details

CWE: CWE-79
Status: published
Products (1): online_event_booking_and_reservation_system_project/online_event_booking_and_reservation_system 2.3.0
Published Nov 05, 2021
Tracked Since Feb 18, 2026