Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.
References
Link | Resource |
---|---|
https://fluidattacks.com/advisories/lang/ | Third Party Advisory |
https://www.kashipara.com/ | Vendor Advisory |
https://fluidattacks.com/advisories/lang/ | Third Party Advisory |
https://www.kashipara.com/ | Vendor Advisory |
Configurations
History
21 Nov 2024, 08:33
Type | Values Removed | Values Added |
---|---|---|
References | () https://fluidattacks.com/advisories/lang/ - Third Party Advisory | |
References | () https://www.kashipara.com/ - Vendor Advisory |
26 Dec 2023, 21:40
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:kashipara:hotel_management:1.0:*:*:*:*:*:*:* | |
References | () https://fluidattacks.com/advisories/lang/ - Third Party Advisory | |
References | () https://www.kashipara.com/ - Vendor Advisory | |
First Time |
Kashipara
Kashipara hotel Management |
21 Dec 2023, 02:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-20 20:15
Updated : 2024-11-21 08:33
NVD link : CVE-2023-49271
Mitre link : CVE-2023-49271
CVE.ORG link : CVE-2023-49271
JSON object : View
Products Affected
kashipara
- hotel_management
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')