PHPGurukul Restaurant Table Booking System Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in PHPGurukul Restaurant Table Booking System version 1.0. The issue resides in the admin/add-table.php file, where the tableno parameter is not properly sanitized, allowing attackers to inject malicious JavaScript that executes in the context of the user’s browser. This vulnerability could be exploited to steal cookies, session information, and perform actions on behalf of the user.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, send a POST request to the /rtbs/admin/add-table.php endpoint with a payload in the tableno parameter that includes JavaScript, such as a script tag. This can be done using a tool like Burp Suite or through a simple HTML form that targets the vulnerable page.

Remediation

No specific remediation is known for this vulnerability.