Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers "Book Me" function. Within the Name and Note (aka custName and custNote) sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user's browser.
References
Link | Resource |
---|---|
https://neetech18.blogspot.in/2018/03/stored-xss-vulnerability-in-bookme_17.html | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-03-17T13:00:00
Updated: 2018-03-17T12:57:01
Reserved: 2018-03-15T00:00:00
Link: CVE-2018-8737
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-03-17T13:29:00.237
Modified: 2018-04-13T18:48:05.350
Link: CVE-2018-8737
JSON object: View
Redhat Information
No data.
CWE