A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage_user. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
PUBLISHED5.2ApplicationCWE-79CWE-94x_freeware
SourceCodester Ship Ferry Ticket Reservation System manage_user cross site scripting
Problem type
Affected products
SourceCodester
Ship Ferry Ticket Reservation System
1.0 - AFFECTED
References
VDB-368880 | SourceCodester Ship Ferry Ticket Reservation System manage_user cross site scripting
https://vuldb.com/vuln/368880
VDB-368880 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/368880/cti
CVE-2026-11338 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-11338
Submit #832571 | SourceCodester Ship/Ferry Ticket Reservation System 1.0 Cross Site Scripting
https://vuldb.com/submit/832571
medium.com
https://medium.com/@hemantrajbhati5555/stored-cross-site-scripting-stored-xss-in-username-field-leads-to-arbitrary-javascript-execution-cd377841da30
sourcecodester.com
https://www.sourcecodester.com/
GitHub Security Advisories
GHSA-34gp-5c7w-p6jr
A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System...
https://github.com/advisories/GHSA-34gp-5c7w-p6jrA security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage_user. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2026-11338
medium.com
https://medium.com/@hemantrajbhati5555/stored-cross-site-scripting-stored-xss-in-username-field-leads-to-arbitrary-javascript-execution-cd377841da30
vuldb.com
https://vuldb.com/cve/CVE-2026-11338
vuldb.com
https://vuldb.com/submit/832571
vuldb.com
https://vuldb.com/vuln/368880
vuldb.com
https://vuldb.com/vuln/368880/cti
sourcecodester.com
https://www.sourcecodester.com
github.com
https://github.com/advisories/GHSA-34gp-5c7w-p6jr
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-11338Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-11338",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-06-05T16:15:09.617Z",
"dateReserved": "2026-06-05T08:17:03.896Z",
"datePublished": "2026-06-05T16:15:09.617Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-06-05T16:15:09.617Z"
},
"title": "SourceCodester Ship Ferry Ticket Reservation System manage_user cross site scripting",
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage_user. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used."
}
],
"affected": [
{
"vendor": "SourceCodester",
"product": "Ship Ferry Ticket Reservation System",
"cpes": [
"cpe:2.3:a:sourcecodester:ship_ferry_ticket_reservation_system:*:*:*:*:*:*:*:*"
],
"versions": [
{
"version": "1.0",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Cross Site Scripting",
"cweId": "CWE-79",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Code Injection",
"cweId": "CWE-94",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/vuln/368880",
"name": "VDB-368880 | SourceCodester Ship Ferry Ticket Reservation System manage_user cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/vuln/368880/cti",
"name": "VDB-368880 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/cve/CVE-2026-11338",
"name": "CVE-2026-11338 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://vuldb.com/submit/832571",
"name": "Submit #832571 | SourceCodester Ship/Ferry Ticket Reservation System 1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://medium.com/@hemantrajbhati5555/stored-cross-site-scripting-stored-xss-in-username-field-leads-to-arbitrary-javascript-execution-cd377841da30",
"tags": [
"broken-link",
"exploit"
]
},
{
"url": "https://www.sourcecodester.com/",
"tags": [
"product"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"baseScore": 2.4,
"baseSeverity": "LOW"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"baseScore": 2.4,
"baseSeverity": "LOW"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"baseScore": 3.3
}
}
],
"timeline": [
{
"time": "2026-06-05T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-06-05T02:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-06-05T10:22:10.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "Hemant Raj Bhati (VulDB User)",
"type": "reporter"
}
],
"tags": [
"x_freeware"
]
}
}
}