TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/system_logs.
Recent assessments:
nu11secur1ty at August 16, 2021 11:07am UTC reported:
TastyIgniter 3.0.7 allows XSS – Stored
XSS-Stored Allow 48 characters
<http://192.168.1.3/setup-master/admin/customers/create>
<https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38699>
Customer[first_name]
<https://streamable.com/75b6ob>
Assessed Attacker Value: 3
Assessed Attacker Value: 5
packetstormsecurity.com/files/163843/TastyIgniter-3.0.7-Cross-Site-Scripting.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38699
github.com/HuskyHacks/CVE-2021-38699-Reflected-XSS
github.com/HuskyHacks/CVE-2021-38699-Stored-XSS
github.com/Justin-1993/CVE-2021-38699
pentesternotes.com/?p=209
tastyigniter.com/support