[Description] A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Owner fullname parameter of the Send Service Request form in vehicle_service.
[Additional Information] NA
[Vulnerability Type] Cross Site Scripting (XSS)
[Vendor of Product] https://www.sourcecodester.com/
[Affected Product Code Base] Vehicle Service Management System - 1.0
[Affected Component] http://localhost/vehicle_service/
[Attack Type] Remote
[Impact Information Disclosure] true
[Attack Vectors] Steps to reproduce:
- Go to the URL http://localhost/vehicle_service/
- Click on "Send Service Request"
- Enter the payload <script>alert(1)</script> in the "Owner fullname" parameter
- Click on "Submit request"
- Log in to the admin panel at http://localhost/vehicle_service/admin/
- Click on "Service Requests" in the left bar
- The pop-up will be triggered.
[Reference] https://owasp.org/www-community/attacks/xss/
[Discoverer] M Lohith
Use CVE-2021-41962.
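
The steps above show a value stored from the public form being rendered unencoded in the admin "Service Requests" list. The following is an added example, not code from the Vehicle Service Management System: it contrasts unencoded and encoded output of such a stored field, and the record layout, field names and function names are assumptions made for illustration.

```php
<?php
// Added example: hypothetical rendering helpers, not the application's own code.

// Constructed sample records, as an admin list view might load them from storage.
$requests = [
    ['id' => 1, 'owner_fullname' => '<script>alert(1)</script>', 'vehicle' => 'Sedan'],
    ['id' => 2, 'owner_fullname' => "O'Brien & Sons", 'vehicle' => 'Truck'],
];

// Encode a value for an HTML text node or a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: the stored value is concatenated into markup unchanged,
// so markup submitted through the public form runs in the admin's browser.
function render_row_unsafe(array $r): string
{
    return "<tr><td>{$r['id']}</td><td>{$r['owner_fullname']}</td><td>{$r['vehicle']}</td></tr>";
}

// Hardened pattern: every stored field is encoded at output time,
// regardless of any filtering applied when the request was submitted.
function render_row_safe(array $r): string
{
    return sprintf(
        '<tr><td>%d</td><td>%s</td><td>%s</td></tr>',
        (int) $r['id'],
        e((string) $r['owner_fullname']),
        e((string) $r['vehicle'])
    );
}

// Print both renderings so the difference in the emitted markup is visible.
foreach ($requests as $r) {
    echo 'unsafe: ', render_row_unsafe($r), PHP_EOL;
    echo 'safe:   ', render_row_safe($r), PHP_EOL;
}
```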