Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.
References
Link | Resource |
---|---|
https://fluidattacks.com/advisories/lang/ | Third Party Advisory |
https://www.kashipara.com/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Fluid Attacks
Published: 2023-12-20T19:21:34.658Z
Updated: 2023-12-20T19:21:34.658Z
Reserved: 2023-11-24T16:25:53.193Z
Link: CVE-2023-49270
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-20T20:15:19.597
Modified: 2023-12-26T21:41:07.910
Link: CVE-2023-49270
JSON object: View
Redhat Information
No data.
CWE