CVE-2026-2159 MEDIUM

CVE-2026-2159: SourceCodester Simple Responsive Tourism Website Registration Master.php cross site scripting

Vendor Sourcecodester
Product Simple Responsive Tourism Website
Weakness CWE-79 · XSS
Published February 8, 2026
Last update February 23, 2026
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Executing a manipulation of the argument firstname/lastname/username can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.

Key dates

02Disclosure timeline

February 8, 2026 CVE published
February 23, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-40553 WordPress Plausible Analytics Plugin <= 1.3.3 is vulnerable to Cross Site Scripting (XSS) CVE-2024-7590 WordPress Spectra plugin<= 2.14.1 - Cross Site Scripting (XSS) vulnerability CVE-2024-26079 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2023-28629 Stored XSS possible on VSM and Job Details pages via malicious pipeline label configuration in gocd CVE-2025-59821 DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile