RCE in Carmelo Simple_flight_ticket_booking_system
CVE-2026-3763
A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. The affected element is an unknown function of the file showhistory.php. The manipulation results in cross site scripting. It is possible to launch the att…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.000 (15.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N.
Affected products
- Carmelo Simple_flight_ticket_booking_system — versions 1.0
- Code-projects Simple Flight Ticket Booking System — versions 1.0
Weakness classification (CWE)
References
- VDB-349741 | code-projects Simple Flight Ticket Booking System showhistory.php cross site scripting (Third Party Advisory, VDB Entry, vdb-entry)
- VDB-349741 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, Permissions Required, permissions-required, VDB Entry)
- Submit #768182 | code-projects simple flight booking system published February 14, 2026 Cross Site Scripting (Third Party Advisory, VDB Entry, third-party-advisory)
- cna@vuldb.com (Exploit, Third Party Advisory, exploit)
- cna@vuldb.com (Product, product)
Frequently asked questions
- What is CVE-2026-3763?
- CVE-2026-3763 is a medium-severity vulnerability in Carmelo Simple_flight_ticket_booking_system, classified under Cross-site Scripting. CVSS score: 4.3/10. Published 2026-03-08.
- How severe is CVE-2026-3763?
- Medium severity. CVSS v3 base score is 4.3 out of 10.