CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0538 – code-projects Tourism Management System manage-pages.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-0538
17 Jan 2025 — A vulnerability, which was classified as problematic, was found in code-projects Tourism Management System 1.0. Affected is an unknown function of the file /admin/manage-pages.php. The manipulation of the argument pgedetails leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1822 – PHPGurukul Tourism Management System user-bookings.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-1822
23 Feb 2024 — A vulnerability classified as problematic has been found in PHPGurukul Tourism Management System 1.0. Affected is an unknown function of the file user-bookings.php. The manipulation of the argument Full Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1ulzFlRqsex39dDUOFU2LbmphrQblSAwn/view?usp=drive_link • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 1CVE-2020-28136
https://notcve.org/view.php?id=CVE-2020-28136
17 Nov 2020 — An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page. Es detectada una carga de archivos arbitraria en SourceCodester Tourism Management System versión 1.0, que permite al usuario conducir una ejecución de código remota por medio de una página vulnerable admin/create-package.php • https://phpgurukul.com/tourism-management-system-free-download • CWE-434: Unrestricted Upload of File with Dangerous Type •