Lucene search

Fluid AttacksCVE-2023-49269

HistoryDec 20, 2023 - 6:15 p.m.

CVE-2023-49269

2023-12-2018:15:13

CWE-79

Fluid Attacks

web.nvd.nist.gov

hotel management

v1.0

xss

authenticated

reflected

nvd

cve-2023-49269

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

Percentile

14.0%

JSON

Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The ‘adults’ parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application’s response.

Affected configurations

Nvd

Node

gvnpatidarhotel_management_systemMatch1.0

VendorProductVersionCPE
gvnpatidarhotel_management_system1.0cpe:2.3:a:gvnpatidar:hotel_management_system:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gvnpatidar	hotel_management_system	1.0	cpe:2.3:a:gvnpatidar:hotel_management_system:1.0:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Hotel Management",
    "vendor": "Kashipara Group",
    "versions": [
      {
        "status": "affected",
        "version": "1.0"
      }
    ]
  }
]

References

fluidattacks.com/advisories/lang/

www.kashipara.com/