### Summary

NS International Train Tickets is a web application used by NS International (Dutch railways) to manage (search, book, plan, buy) train tickets for international travel from the Netherlands.

### Description

The NS International Train Tickets confirmation page 'bookingConfirm' is vulnerable to a reflected XSS. The input provided to the 'dnr' query string parameter is reflected into the validationMismatch.html page. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of the affected site.

### Vendor

NS International BV - https://www.nsinternational.nl

### Affected Version

* 7.31.4

### Tested On

* Opera 49.0.2725.39
* Google Chrome 60.0.3112.90
* Firefox Quantum 57.0.1

### PoC

```
https://treintickets.nsinternational.nl/d-cobs-web/bookingConfirm.html?confirmationID=543b98e672749fb144fdfde9f2ef49945079f0928505c43b19390396db2294f2&dnr=XXXX"><script>alert(1)</script>&locale=en_GB
```
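The root cause described above is a query parameter being written into server-rendered HTML without output encoding. The following is an added example, not NS International's code and not the actual d-cobs-web template: it assumes a hypothetical page template that echoes 'dnr' into an `<input value="...">` attribute, shows the vulnerable interpolation beside the hardened one, and includes a small check that a regression test could run over the rendered page. The request URL is the PoC URL from this advisory, used here as constructed input.

```javascript
// Added example (not the vendor's code). The template below is an assumption
// standing in for whatever validationMismatch.html actually does with 'dnr'.

// Sample request URL, taken from the PoC in this advisory (constructed input).
const SAMPLE_URL =
  "https://treintickets.nsinternational.nl/d-cobs-web/bookingConfirm.html" +
  "?confirmationID=543b98e672749fb144fdfde9f2ef49945079f0928505c43b19390396db2294f2" +
  "&dnr=XXXX\"><script>alert(1)</script>&locale=en_GB";

// Parse the 'dnr' value the way the server sees it (percent-decoded).
function extractDnr(requestUrl) {
  return new URL(requestUrl).searchParams.get("dnr");
}

// Encode the five characters that can terminate an HTML attribute or text node.
// This is the minimum for a double-quoted attribute context; a real app should
// rely on its template engine's context-aware auto-escaping instead of hand-rolling it.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: the parameter is interpolated into markup as-is, so a
// value containing '">' closes the attribute and the tag.
function renderMismatchVulnerable(dnr) {
  return `<input type="text" name="dnr" value="${dnr}">`;
}

// Hardened pattern: same template, but the value is encoded for the attribute
// context before it is reflected.
function renderMismatchHardened(dnr) {
  return `<input type="text" name="dnr" value="${escapeHtml(dnr)}">`;
}

// Regression check: the rendered fragment must contain exactly one tag (the
// <input>) and no <script> element, whatever 'dnr' held. Returns true when
// the reflection has broken out of the attribute.
function reflectsUnescapedMarkup(html) {
  const tagCount = (html.match(/<[a-z]/gi) || []).length;
  return /<script\b/i.test(html) || tagCount !== 1;
}

// Run both renderers over the PoC value and report which one is unsafe.
function demo(requestUrl = SAMPLE_URL) {
  const dnr = extractDnr(requestUrl);
  return {
    dnr,
    vulnerableUnsafe: reflectsUnescapedMarkup(renderMismatchVulnerable(dnr)),
    hardenedUnsafe: reflectsUnescapedMarkup(renderMismatchHardened(dnr)),
    hardenedHtml: renderMismatchHardened(dnr),
  };
}

console.log(demo());
```

The check in `reflectsUnescapedMarkup` is deliberately coarse; it catches the attribute break-out shown in the PoC but is no substitute for encoding on every output path. The durable fix is to make the framework escape `dnr` (and every other reflected parameter) for the context it lands in, and to verify with a test like `demo()` that the PoC value renders inert.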