1. Home
  2. CVE Database
  3. CVE-2021-42662
MEDIUM · 5.4

CVE-2021-42662

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vuln...

Vulnerability Description

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
Online Event Booking And Reservation System ProjectOnline Event Booking And Reservation System2.3.0

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2021-42662?

CVE-2021-42662 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vuln...

How severe is CVE-2021-42662?

CVE-2021-42662 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-42662?

Check the references section above for vendor advisories and patch information. Affected products include: Online Event Booking And Reservation System Project Online Event Booking And Reservation System.