Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.
References
Link | Resource |
---|---|
https://fluidattacks.com/advisories/lang/ | Third Party Advisory |
https://www.kashipara.com/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Fluid Attacks
Published: 2023-12-20T19:24:15.907Z
Updated: 2023-12-20T19:24:15.907Z
Reserved: 2023-11-24T16:25:53.193Z
Link: CVE-2023-49271
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-20T20:15:19.800
Modified: 2023-12-26T21:40:42.173
Link: CVE-2023-49271
JSON object: View
Redhat Information
No data.
CWE