Campcodes Park Ticketing System Cross-Site Scripting Vulnerability
Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in Campcodes Park Ticketing System version 1.0. The issue arises in the 'save_pricing' function of the 'admin_class.php' file, where the 'name' parameter is not properly sanitized, allowing remote attackers to inject malicious scripts. These scripts could be executed in the browsers of users who access the affected profiles, potentially compromising their security and privacy.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user accessing the affected profile.
Reproduction
To reproduce this vulnerability, log into the application and navigate to the 'admin_class.php' page. Inject a script payload into the 'name' parameter of the 'save_pricing' function. Once the payload is submitted, refresh the page to trigger the execution of the injected script.
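A defensive sketch of the fix for the unsanitized 'name' field described above, added here as an example and not taken from the Campcodes source: it validates the value on save and HTML-encodes it on render. The function names, the in-memory store and the name policy are assumptions, and the inputs are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the pricing table; the real application stores rows in a database.
$pricingStore = [];

// Input side: validate the 'name' field; returns the cleaned name or null if rejected.
function validate_pricing_name(string $raw): ?string
{
    $name = trim($raw);
    // Assumed policy: 1-100 chars of letters, digits, spaces and a few punctuation marks.
    if (preg_match('/^[\p{L}\p{N} .,&()\-]{1,100}$/u', $name) !== 1) {
        return null;
    }
    return $name;
}

// Output side: encode for an HTML text or quoted-attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function save_pricing_hardened(array &$store, array $post): bool
{
    $raw = $post['name'] ?? null;
    $name = is_string($raw) ? validate_pricing_name($raw) : null;
    if ($name === null) {
        return false; // reject the request instead of storing markup
    }
    $store[] = ['name' => $name];
    return true;
}

function render_pricing_rows(array $store): string
{
    $html = '';
    foreach ($store as $row) {
        // Encode on output even for validated input: older rows may predate the check.
        $html .= '<tr><td>' . h($row['name']) . "</td></tr>\n";
    }
    return $html;
}

// Constructed inputs: one acceptable name, one markup string, one row stored before the fix.
$legacy = [['name' => '<script>alert(1)</script>']];
var_dump(save_pricing_hardened($pricingStore, ['name' => 'Adult (Weekend)']));
var_dump(save_pricing_hardened($pricingStore, ['name' => '<script>alert(1)</script>']));
echo render_pricing_rows(array_merge($pricingStore, $legacy));
```

Output encoding is the control that closes the stored XSS; the input check only narrows what reaches the store.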
