| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2024-7815 | 15 Aug 2024 06:46 | - | circl |
| CodeAstro Online Railway Reservation System cross-site scripting vulnerability | 15 Aug 2024 00:00 | - | cnnvd |
| CVE-2024-7815 | 15 Aug 2024 04:00 | - | cve |
| CVE-2024-7815 CodeAstro Online Railway Reservation System Update Employee Page admin-update-employee.php cross site scripting | 15 Aug 2024 04:00 | - | cvelist |
| CodeAstro Online Railway Reservation System 1.0 - Cross Site Scripting (XSS) | 10 Apr 2025 00:00 | - | exploitdb |
| EUVD-2024-48669 | 3 Oct 2025 20:07 | - | euvd |
| CVE-2024-7815 | 15 Aug 2024 04:15 | - | nvd |
| PT-2024-38602 · Unknown · Codeastro Online Railway Reservation System | 15 Aug 2024 00:00 | - | ptsecurity |
| CVE-2024-7815 | 23 May 2025 09:51 | - | redhatcve |
| CVE-2024-7815 CodeAstro Online Railway Reservation System Update Employee Page admin-update-employee.php cross site scripting | 15 Aug 2024 04:00 | - | vulnrichment |

# Exploit Title: XSS Vulnerability in Online Railway Reservation System 1.0
# Date: 2024-08-15
# Exploit Author: Raj Nandi
# Vendor Homepage: https://codeastro.com/
# Software Link: https://codeastro.com/online-railway-reservation-system-in-php-with-source-code/
# Version: 1.0
# Tested on: Any OS
# CVE: CVE-2024-7815
## Description:
A Cross-Site Scripting (XSS) vulnerability exists in Online Railway
Reservation System 1.0. This vulnerability allows an attacker to inject and
execute arbitrary JavaScript code within the context of the user's browser
session.
## Proof of Concept (PoC):
1. Navigate to [vulnerable page or input field].
2. Input the following payload: `<script>alert(document.cookie)</script>`
3. Upon execution, the script will trigger and display the user's cookies
in an alert box.
## Mitigation:
To prevent this vulnerability, ensure that all user inputs are properly
sanitized and validated before being reflected back on the webpage.
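
The mitigation above, sketched for a PHP page of this kind. This is an added example, not code from the CodeAstro project or from the exploit author; the field names `emp_fname` and `emp_email` and all function names are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example, not CodeAstro's code. Field names (emp_fname, emp_email) are hypothetical.

// Vulnerable pattern: the value is written into the page exactly as received.
function render_cell_unsafe(string $value): string
{
    return '<td>' . $value . '</td>';
}

// Hardened pattern: encode for HTML at output time. ENT_QUOTES also encodes
// both quote styles, so the same helper is safe inside quoted attributes.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_cell_safe(string $value): string
{
    return '<td>' . h($value) . '</td>';
}

// Validation is a second layer on input; it does not replace output encoding.
function validate_employee(array $in): array
{
    $errors = [];
    $fname = trim((string)($in['emp_fname'] ?? ''));
    if (!preg_match('/^[\p{L}][\p{L} .\'-]{0,63}$/u', $fname)) {
        $errors['emp_fname'] = 'Name contains unexpected characters.';
    }
    if (filter_var($in['emp_email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors['emp_email'] = 'Invalid e-mail address.';
    }
    return $errors;
}

// Constructed input: the PoC payload from this page submitted as a form value.
$input = [
    'emp_fname' => '<script>alert(document.cookie)</script>',
    'emp_email' => 'staff@example.com',
];

// The same value through both renderers; only the second one encodes it.
echo render_cell_unsafe($input['emp_fname']), PHP_EOL;
echo render_cell_safe($input['emp_fname']), PHP_EOL;
print_r(validate_employee($input));

// Defence in depth for the cookie read in the PoC: before session_start(), call
// session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
```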