CVE-2024-57428 Information

Description

A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields (event_img, seat_maps) and seat number configurations (number[new_X] in pjActionCreate). Attackers can inject persistent JavaScript, leading to phishing, malware injection, and session hijacking.

Reference

https://github.com/ahrixia/CVE-2024-57428

https://www.phpjabbers.com/cinema-booking-system/
