Code-Projects Online Ticket Reservation System Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in Code-Projects Online Ticket Reservation System version 1.0. This issue resides in the 'passenger.php' file, where the 'name' argument can be manipulated to inject malicious JavaScript. The vulnerability can be exploited remotely, and the injected script is executed in the context of an admin user.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of an admin user.
Reproduction
To reproduce this vulnerability, navigate to the ticket reservation section and fill out the reservation form. Inject a script payload into the 'Full Name', 'Address', 'Contact', and 'Booked By' fields. After submitting the form, log in as an admin and access the reservation page to see the executed script from the injected fields.
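The stored values reach the admin's browser because they are written into the reservation page without output encoding. The sketch below is an added example, not code from the project: it shows that pattern next to a version that encodes at render time. The row keys, function names and sample values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample row standing in for one stored reservation.
// Keys are hypothetical column names for the four form fields listed above.
$row = [
    'name'      => '<script>alert(1)</script>',
    'address'   => '12 Example Road',
    'contact'   => '555-0100',
    'booked_by' => "O'Brien & Sons",
];

// Vulnerable pattern: stored values are concatenated into the admin page as-is.
function render_row_unsafe(array $row): string
{
    return '<tr><td>' . $row['name'] . '</td><td>' . $row['address'] . '</td><td>'
         . $row['contact'] . '</td><td>' . $row['booked_by'] . "</td></tr>\n";
}

// Encode for the HTML context at output time. ENT_QUOTES also covers values
// placed inside quoted attributes; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every stored field passes through e() before it is emitted.
function render_row_safe(array $row): string
{
    $cells = '';
    foreach (['name', 'address', 'contact', 'booked_by'] as $field) {
        $cells .= '<td>' . e((string)($row[$field] ?? '')) . '</td>';
    }
    return '<tr>' . $cells . "</tr>\n";
}

$unsafe = render_row_unsafe($row);
$safe   = render_row_safe($row);

// Compare the two renderings: live markup versus inert text.
var_dump(strpos($unsafe, '<script>') !== false);
var_dump(strpos($safe, '<script>') !== false);
var_dump(strpos($safe, '&lt;script&gt;') !== false);
echo $safe;
```

Encoding at output rather than stripping input keeps legitimate values such as the apostrophe and ampersand in "O'Brien & Sons" intact while still rendering markup as text.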
