Title: sourcecodester.com Simple Responsive Tourism Website 1.0 Cross Site Scripting

Description: A cross-site scripting (XSS) vulnerability exists in the 'register' functionality ('/tourism/classes/Master.php?f=register') of Simple Responsive Tourism Website version 1.0. The vulnerability is caused by improper neutralization of user input in the 'firstname' parameter (and potentially other parameters) during output. An unauthenticated remote attacker can exploit this vulnerability by injecting malicious JavaScript payloads into the 'firstname' field (or other vulnerable fields). Successful exploitation allows the execution of arbitrary script code within the context of a victim's browser session. This can lead to session hijacking, theft of sensitive information (such as cookies or session tokens), defacement of the website, or redirection to malicious sites. The vulnerability poses a direct threat to user privacy and application security.

Source: https://github.com/CH0ico/CVE_choco_5

User: Choco094late (UID 75875)

Submission: 02/03/2026 10:44 AM (5 days ago)

Moderation: 02/07/2026 09:55 AM (4 days later)

Status: Accepted

VulDB entry: 344851 [SourceCodester Simple Responsive Tourism Website 1.0 Registration Master.php?f=register firstname/lastname/username cross site scripting]

Points: 20