CVE-2026-11338
Description
SourceCodester Ship Ferry Ticket Reservation System 1.0 is vulnerable to a reflected cross-site scripting flaw in manage_user functionality.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SourceCodester Ship Ferry Ticket Reservation System 1.0 is vulnerable to a reflected cross-site scripting flaw in manage_user functionality.
Vulnerability
A cross-site scripting (XSS) vulnerability exists in SourceCodester Ship Ferry Ticket Reservation System version 1.0. The flaw is located in an unknown function within the /admin/?page=user/manage_user file, specifically related to the manipulation of the Username argument.
Exploitation
An attacker can exploit this vulnerability remotely by tricking a user into clicking a crafted link. This would involve manipulating the Username argument to inject malicious script. No specific authentication or user interaction details beyond the initial click are provided in the available references.
Impact
Successful exploitation of this vulnerability could lead to cross-site scripting, allowing an attacker to execute arbitrary scripts in the context of the victim's browser session. The exact impact, such as data theft or session hijacking, is not detailed in the provided references.
Mitigation
No specific mitigation or patched version information is available in the provided references. The vulnerability was disclosed publicly on 2026-05-28 [1].
AI Insight generated on Jun 5, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: 1.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6News mentions
0No linked articles in our index yet.