## https://sploitus.com/exploit?id=A8CECA6F-C0B8-5E07-9330-641AB51A516F
# -CVE-2021-41962

> [Description]
> Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Owner fullname parameter in a Send Service Request in vehicle_service.

> [Additional Information]
> NA


> [Vulnerability Type]
> Cross Site Scripting (XSS)

> [Vendor of Product]
> https://www.sourcecodester.com/

> [Affected Product Code Base]
> Vehicle Service Management System - 1.0

> [Affected Component]
> http://localhost/vehicle_service/

> [Attack Type]
> Remote

> [Impact Information Disclosure]
> true

> [Attack Vectors]
> Steps to reproduce:
> 1. Go to the URL http://localhost/vehicle_service/
> 2. Click on "Send Service Request"
> 3. Enter the payload `<script>alert(1)</script>` in the "Owner fullname" parameter
> 4. Click on "Submit request"
> 5. Log in to the admin panel at http://localhost/vehicle_service/admin/
> 6. Click on "Service Requests" in the left bar
> 7. The pop-up will be triggered.

> [Reference]
> https://owasp.org/www-community/attacks/xss/

> [Discoverer]
> M Lohith

Use CVE-2021-41962.
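
The reproduction steps above describe a stored XSS: the "Owner fullname" value is saved and later written into the admin "Service Requests" page without encoding. The following is an added example, not code from the application or from this advisory, showing that rendering pattern next to an output-encoded version plus an input check as defense in depth. All function names, array keys and sample rows are hypothetical and constructed for illustration.

```php
<?php
// Added illustration: hypothetical names, not the application's source code.

// Constructed sample rows standing in for stored service requests.
$requests = [
    ['id' => 1, 'owner_fullname' => 'Jane Doe', 'vehicle' => 'Sedan'],
    ['id' => 2, 'owner_fullname' => '<script>alert(1)</script>', 'vehicle' => 'Truck'],
];

// Encode a value for an HTML text node or a quoted attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: the stored value is concatenated into markup unchanged,
// so the browser of whoever opens the list parses it as HTML.
function render_row_unsafe(array $r): string
{
    return '<tr><td>' . $r['id'] . '</td><td>' . $r['owner_fullname'] . '</td></tr>';
}

// Hardened pattern: every stored field is encoded at the point of output.
function render_row_safe(array $r): string
{
    return '<tr><td>' . (int) $r['id'] . '</td><td>' . h($r['owner_fullname'])
         . '</td><td>' . h($r['vehicle']) . '</td></tr>';
}

// Defense in depth on submission: accept letters, combining marks, spaces,
// dots, apostrophes and hyphens only, up to 100 characters.
function validate_fullname(string $name): bool
{
    return (bool) preg_match('/^[\p{L}\p{M}][\p{L}\p{M} .\x27-]{0,99}$/u', $name);
}

foreach ($requests as $r) {
    echo 'unsafe: ', render_row_unsafe($r), PHP_EOL;
    echo 'safe:   ', render_row_safe($r), PHP_EOL;
    echo 'valid:  ', var_export(validate_fullname($r['owner_fullname']), true), PHP_EOL;
}
```

Output encoding is the fix that matters here, because the admin page must stay safe even for rows that were stored before any input validation existed.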