CVE-2024-57427

MEDIUM

PHPJabbers Cinema Booking System 2.0 - Reflected Cross-Site Scripting

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-57427. PoCs published by ahrixia.

AI-analyzed exploit summary: This repository provides a proof-of-concept for CVE-2024-57427, demonstrating reflected XSS vulnerabilities in PHPJabbers Cinema Booking System v2.0. It includes payloads and request examples for both POST and GET parameters.

Description

PHPJabbers Cinema Booking System v2.0 is vulnerable to reflected cross-site scripting (XSS). Multiple endpoints improperly handle user input, allowing malicious scripts to execute in a victim’s browser. Attackers can craft malicious links to steal session cookies or conduct phishing attacks.

Exploits (1)

nomisec WORKING POC
by ahrixia · poc
https://github.com/ahrixia/CVE-2024-57427

Classification: Working PoC 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: PHPJabbers Cinema Booking System v2.0
Auth required
Prerequisites: Access to the vulnerable application · Valid session cookie for authenticated endpoints
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 6.1
EPSS: 0.0041
EPSS Percentile: 32.6%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (1)
phpjabbers/cinema_booking_system 2.0
Published: Feb 06, 2025
Tracked Since: Feb 18, 2026