CVE-2017-17938
Description
PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Reflected XSS vulnerability in PHP Scripts Mall Single Theater Booking's admin/viewtheatre.php via the theatreid parameter, allowing arbitrary script execution in an admin's browser.
Vulnerability
A reflected cross-site scripting (XSS) vulnerability exists in the admin/viewtheatre.php page of PHP Scripts Mall Single Theater Booking. The theatreid parameter is unsanitized and directly reflected in the page output, allowing an attacker to inject arbitrary HTML and JavaScript. This issue was identified in the demo version and likely affects all instances of the software [1].
Exploitation
An attacker can exploit this vulnerability by crafting a malicious URL containing a payload in the theatreid parameter, e.g., http://target.com/admin/viewtheatre.php?theatreid=29%22%3Etest%3Cimg%20src=x%20onerror=alert(1)%3E. The attacker must then trick an authenticated admin user into clicking the link. No special network position is required beyond web access to the admin interface [1].
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the admin's session. This can lead to session hijacking, defacement, or other malicious actions performed as the admin user, potentially compromising sensitive data or site configuration [1].
Mitigation
No official patch has been released by the vendor. Administrators should disable or restrict access to the admin/viewtheatre.php page, apply input validation and output encoding to the theatreid parameter, and consider using a web application firewall (WAF) to block common XSS payloads. Check regularly for a vendor fix and update the software if one becomes available [1].
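One way to apply the input validation and output encoding recommended above, as an added example that is not the vendor's code or a patch. The function names parse_theatre_id and h and the hidden-input markup are assumptions, since the page does not show the application's source.

```php
<?php
// Added example (hypothetical): hardened handling of the theatreid parameter
// for a page like admin/viewtheatre.php. Not taken from the product.

/** Accept only a positive decimal integer; anything else is rejected. */
function parse_theatre_id($raw): ?int
{
    if (!is_string($raw)) {
        return null; // missing value or array input such as theatreid[]=x
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Encode a value for HTML text and quoted-attribute contexts. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: a normal id, and the URL-decoded value from the
// example URL in the Exploitation section. In the real page the value
// would come from $_GET['theatreid'] ?? null.
$samples = ['29', '29">test<img src=x onerror=alert(1)>'];

foreach ($samples as $raw) {
    $id = parse_theatre_id($raw);
    if ($id === null) {
        // Validation fails closed (a real handler would answer HTTP 400).
        // If the raw value is echoed at all, it is encoded first, so the
        // quote and angle brackets arrive as &quot; &lt; &gt; and stay inert.
        echo 'rejected: ' . h($raw) . PHP_EOL;
        continue;
    }
    // Only the validated integer reaches the markup, and it is still encoded
    // so the output stays safe if the validation rule is later loosened.
    echo '<input type="hidden" name="theatreid" value="' . h((string) $id) . '">' . PHP_EOL;
}
```

Validation and encoding are applied together on purpose: the integer check rejects the injected markup outright, and the encoding covers any code path that still writes the parameter back into the page.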
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
Patches (0)
No patches discovered yet.
References (1)
[1] github.com/d4wner/Vulnerabilities-Report/blob/master/Single-Theater-Booking.md (nvd; Exploit, Issue Tracking, Third Party Advisory)