cvedb.io
CVE-2021-42662
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2021-11-05T11:15:08.007 · Last modified 2026-06-17T04:09:55.727

Summary

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.

Affected products

online_event_booking_and_reservation_system_project — online_event_booking_and_reservation_system

Does this affect you?

Add your gear to cvedb and we'll alert you only when online_event_booking_and_reservation_system_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.