CVE-2024-8951

A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_fee.php. The manipulation of the argument toview leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

cpe:2.3:a:oretnom23:resort_reservation_system:1.0:*:*:*:*:*:*:*

History

23 Sep 2024, 18:12

Type Values Removed Values Added
First Time Oretnom23 resort Reservation System
Oretnom23
CPE cpe:2.3:a:oretnom23:resort_reservation_system:1.0:*:*:*:*:*:*:*
CVSS v2 : 4.0
v3 : 3.5
v2 : 4.0
v3 : 6.1
References () https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Resort-Reservation-system-XSS.md - () https://github.com/gurudattch/CVEs/blob/main/Sourcecodester-Resort-Reservation-system-XSS.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.277777 - () https://vuldb.com/?ctiid.277777 - Permissions Required
References () https://vuldb.com/?id.277777 - () https://vuldb.com/?id.277777 - Permissions Required
References () https://vuldb.com/?submit.409586 - () https://vuldb.com/?submit.409586 - Third Party Advisory
References () https://www.sourcecodester.com/ - () https://www.sourcecodester.com/ - Product

20 Sep 2024, 12:30

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como problemática en SourceCodester Resort Reservation System 1.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo manage_fee.php. La manipulación del argumento toview provoca cross site scripting. El ataque se puede ejecutar de forma remota. El exploit se ha hecho público y puede utilizarse.

17 Sep 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-17 20:15

Updated : 2024-09-23 18:12


NVD link : CVE-2024-8951

Mitre link : CVE-2024-8951

CVE.ORG link : CVE-2024-8951


JSON object : View

Products Affected

oretnom23

  • resort_reservation_system
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')