CVE-2024-7815

LOW

Online Railway Reservation System - XSS

Title source: rule

Description

A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin-update-employee.php of the component Update Employee Page. The manipulation of the argument emp_fname /emp_lname /emp_nat_idno/emp_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

exploitdb WRITEUP

by Raj Nandi · textwebappsphp

https://www.exploit-db.com/exploits/52159

View Code ZIP pw:eip

References (4)

[Exploit] https://github.com/CYB84/CVE_Writeup/blob/main/Online%20Railway%20Reservation%20System/Stored%20XSS.md

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.274711

[VDB Entry] https://vuldb.com/?id.274711

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.391376

Scores

CVSS v3 2.4

EPSS 0.0048

EPSS Percentile 65.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

online_railway_reservation_system_project/online_railway_reservation_system 1.0

Published Aug 15, 2024

Tracked Since Feb 18, 2026