CVE-2026-11338
2.4 LOWA security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0
Published: 2026-06-05 · Last updated: 2026-06-08
Severity and scoring
- CVSS
- 2.4 LOW
- Vector
- CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
- CWE
- CWE-79, CWE-94
Description
A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage_user. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-11338
- [Other]https://medium.com/@hemantrajbhati5555/stored-cross-site-scripting-stored-xss-in-username-field-leads-to-arbitrary-javascript-execution-cd377841da30
- [Other]https://vuldb.com/cve/CVE-2026-11338
- [Other]https://vuldb.com/submit/832571
- [Other]https://vuldb.com/vuln/368880
- [Other]https://vuldb.com/vuln/368880/cti
- [Other]https://www.sourcecodester.com/
- [Other]https://medium.com/@hemantrajbhati5555/stored-cross-site-scripting-stored-xss-in-username-field-leads-to-arbitrary-javascript-execution-cd377841da30
Related CVEs
Same CWE
- CVE-2025-8444 — The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable to DOM-Based St... (6.4 MEDIUM)
- CVE-2026-46518 — OpenEMR is a free and open source electronic health records and medical practice management application (7.7 HIGH)
- CVE-2026-46517 — LMDeploy is a toolkit for compressing, deploying, and serving large language models (7.8 HIGH)
- CVE-2026-46432 — LMDeploy is a toolkit for compressing, deploying, and serving large language models (7.8 HIGH)
- CVE-2026-41003 — An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Secu... (7.6 HIGH)