CVE-2023-49269

Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'adults' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.
References
Link Resource
https://fluidattacks.com/advisories/lang/ Exploit Third Party Advisory
https://www.kashipara.com/ Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:gvnpatidar:hotel_management_system:1.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-12-20 18:15

Updated : 2023-12-27 17:17


NVD link : CVE-2023-49269

Mitre link : CVE-2023-49269

CVE.ORG link : CVE-2023-49269


JSON object : View

Products Affected

gvnpatidar

  • hotel_management_system
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')