Jairiidriss RestaurantWebsite Cross-Site Scripting Vulnerability in Make a Reservation Component

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the jairiidriss RestaurantWebsite application, specifically in the Make a Reservation component. This issue affects versions of the application prior to the commit e7911f12d035e8e2f9a75e7a28b59e4ef5c1d654. The vulnerability arises because the selected_date parameter is not properly sanitized, allowing remote attackers to inject malicious scripts. When the form is submitted, these scripts are executed, leading to reflected XSS. The vulnerability has been publicly disclosed and is accompanied by a proof-of-concept exploit.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, submit the first form in the Make a Reservation component. Use the Developer Tools to modify the selected_date parameter by injecting a script, such as one that triggers an alert. After submitting the form, the injected script will execute, confirming the presence of the XSS vulnerability.
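The reproduction works because the date picker only constrains the value in the browser, and the server echoes whatever arrives. The following is an added example of server-side handling that closes that gap; it is not the project's code, and the function names and the YYYY-MM-DD format for selected_date are assumptions.

```python
import html
import re
from datetime import datetime

# Assumption: the reservation form sends selected_date as YYYY-MM-DD.
_DATE_RE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")


def parse_selected_date(raw):
    """Return a date for a well-formed value, or None for anything else."""
    if not isinstance(raw, str) or not _DATE_RE.fullmatch(raw):
        return None
    try:
        return datetime.strptime(raw, "%Y-%m-%d").date()
    except ValueError:  # well-formed but impossible, e.g. 2025-02-30
        return None


def render_unsafe(raw):
    """The pattern described in the advisory: the value is echoed as-is."""
    return "<p>Reservation for " + raw + "</p>"


def render_safe(raw):
    """Validate first, re-serialise the parsed value, and encode on output."""
    parsed = parse_selected_date(raw)
    if parsed is None:
        return "<p>Invalid date. Please choose a date from the calendar.</p>"
    # isoformat() output comes from the parsed date, not from the request;
    # html.escape() keeps the template safe even if validation is later relaxed.
    return "<p>Reservation for " + html.escape(parsed.isoformat(), quote=True) + "</p>"


# Constructed sample inputs: one normal value and two tampered ones.
SAMPLES = ["2025-12-24", "2025-12-24<script>alert(1)</script>", "2025-02-30"]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value))
        print("  unsafe:", render_unsafe(value))
        print("  safe:  ", render_safe(value))
```

Validation rejects the tampered value outright, and output encoding remains as a second layer wherever the value is written into HTML.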

Added: Dec 1, 2025, 3:19 AM
Updated: Dec 1, 2025, 3:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 7.5
remediation: 0.0
relevance: 1.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.