CVE-2021-42662

medium

Description

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.

References

https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html

https://www.exploit-db.com/exploits/50450

https://github.com/TheHackingRabbi/CVE-2021-42662

http://packetstormsecurity.com/files/164615/Online-Event-Booking-And-Reservation-System-1.0-Cross-Site-Scripting.html

Details

Source: Mitre, NVD

Published: 2021-11-05

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.07034