Description
A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage_user. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
Published: 2026-06-05
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a stored cross‑site scripting flaw in the SourceCodester Ship Ferry Ticket Reservation System. The username field in the /admin/?page=user/manage_user handler accepts user input that is saved without proper sanitization, and the value is later rendered in the web interface. As a result, an attacker who can supply a crafted username can inject JavaScript that executes whenever the stored value is displayed.

Affected Systems

The affected product is SourceCodester Ship Ferry Ticket Reservation System version 1.0. No additional versions are mentioned in the CVE entry.

Risk and Exploitability

The CVSS score of 4.8 indicates moderate severity. The EPSS data is not available, so the exact likelihood of exploitation cannot be quantified, but the vulnerability is publicly disclosed and may be used remotely via the /admin interface. Based on the description, it is inferred that an attacker would need to submit a malicious username via the admin page; whether authentication is required is not stated and thus remains unknown. The flaw is not listed in the CISA KEV catalog, suggesting it has not yet been widely exploited in the wild.

Generated by OpenCVE AI on June 5, 2026 at 18:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an official vendor patch or upgrade to a fixed version when available.
  • If no patch is released, modify the application to remove the ability to store unescaped usernames or change the field to a read‑only value that does not render user input directly.
  • Validate all input and apply output encoding or a content‑security‑policy that blocks inline script execution on the affected pages.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 16:45:00 +0000

Values Removed: none listed
Values Added:
  • Description: A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage_user. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
  • Title: SourceCodester Ship Ferry Ticket Reservation System manage_user cross site scripting
  • First Time appeared: Sourcecodester; Sourcecodester ship Ferry Ticket Reservation System
  • Weaknesses: CWE-79, CWE-94
  • CPEs: cpe:2.3:a:sourcecodester:ship_ferry_ticket_reservation_system:*:*:*:*:*:*:*:*
  • Vendors & Products: Sourcecodester; Sourcecodester ship Ferry Ticket Reservation System
  • References
  • Metrics:
      cvssV2_0: {'score': 3.3, 'vector': 'AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}
      cvssV3_0: {'score': 2.4, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
      cvssV3_1: {'score': 2.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
      cvssV4_0: {'score': 4.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-05T16:15:09.617Z

Reserved: 2026-06-05T08:17:03.896Z

Link: CVE-2026-11338

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-06-05T17:16:44.160

Modified: 2026-06-05T19:02:13.790

Link: CVE-2026-11338

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T18:30:46Z

Weaknesses