CodeAstro Online Railway Reservation System 1.0 Cross Site Scripting (XSS)
A cross-site scripting (XSS) vulnerability was found in Online Railway Reservation System 1.0. It allows an attacker to inject and execute arbitrary JavaScript code and to steal information from the user's browser session, such as cookies. The recommended fix is to filter and validate all user input. 2025-04-16 21:38:07 Author: cxsecurity.com

# Exploit Title: XSS Vulnerability in Online Railway Reservation System 1.0
# Date: 2024-08-15
# Exploit Author: Raj Nandi
# Vendor Homepage: https://codeastro.com/
# Software Link: https://codeastro.com/online-railway-reservation-system-in-php-with-source-code/
# Version: 1.0
# Tested on: Any OS
# CVE: CVE-2024-7815

## Description:

A Cross-Site Scripting (XSS) vulnerability exists in [Application Name/Version]. This vulnerability allows an attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session.

## Proof of Concept (PoC):

1. Navigate to [vulnerable page or input field].
2. Input the following payload: `<script>alert(document.cookie)</script>`
3. Upon execution, the script will trigger and display the user's cookies in an alert box.

## Mitigation:

To prevent this vulnerability, ensure that all user inputs are properly sanitized and validated before being reflected back on the webpage.
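The mitigation above is stated in general terms. The following is an added example, not code from the advisory or from the CodeAstro project, showing the reflected-output pattern the advisory describes beside its hardened form in PHP (the language the software is written in). The parameter name `q`, the function names, and the train-number format used for allow-list validation are assumptions made for the illustration; the advisory does not name the vulnerable page or field.

```php
<?php
// Added example, not the CodeAstro project's code. The request parameter "q",
// the function names, and the train-number format below are assumptions.
declare(strict_types=1);

/**
 * Encode untrusted text for insertion into an HTML text node or a
 * double-quoted attribute value. ENT_QUOTES encodes both ' and ",
 * ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of returning
 * an empty string, and the explicit charset avoids relying on defaults.
 */
function html_encode(string $untrusted): string
{
    return htmlspecialchars($untrusted, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: the user-supplied value is reflected verbatim into
// the markup, so a value containing <script> is parsed as script.
function render_vulnerable(string $q): string
{
    return '<p>Results for: ' . $q . '</p>';
}

// Hardened pattern: the same reflection, but encoded for the HTML text
// context, so the browser renders the value as literal characters.
function render_hardened(string $q): string
{
    return '<p>Results for: ' . html_encode($q) . '</p>';
}

// Allow-list validation for fields with a known shape (assumed format:
// 1 to 10 upper-case letters or digits). Validation complements, and does
// not replace, output encoding: reject what cannot be valid, encode the rest.
function is_valid_train_number(string $value): bool
{
    return preg_match('/^[A-Z0-9]{1,10}$/', $value) === 1;
}

// Constructed input: the payload quoted in the advisory, as it would arrive
// in the "q" parameter. Defaulting to '' avoids an undefined-index notice.
$q = isset($_GET['q']) ? (string) $_GET['q'] : '<script>alert(document.cookie)</script>';

echo render_vulnerable($q), PHP_EOL;
echo render_hardened($q), PHP_EOL;
var_dump(is_valid_train_number($q));
```

Run the file with `php example.php` (or serve it and request it with `?q=...`) and compare the two lines: the first contains the raw `<script>` element, the second contains `&lt;script&gt;` and is displayed as text. Two further defensive settings reduce the impact the PoC demonstrates even if an encoding gap is missed elsewhere: mark the session cookie HttpOnly before `session_start()` with `session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax'])`, which keeps `document.cookie` from exposing it to injected script, and send a Content-Security-Policy header that disallows inline scripts.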

Source: https://cxsecurity.com/issue/WLB-2025040025