Lucene search

[email protected]CVE-2022-36254

HistorySep 12, 2022 - 4:15 a.m.

CVE-2022-36254

2022-09-1204:15:12

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-36254

xss

vulnerabilities

index.php

tramyardg hotel management system 1.0

remote attackers

web script

html

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

26.7%

JSON

Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as “fullname”.

Affected configurations

NVD

Node

hotel_management_system_projecthotel_management_systemMatch1.0

CPENameOperatorVersion
hotel_management_system_project:hotel_management_systemhotel management system project hotel management systemeq1.0

CPE	Name	Operator	Version
hotel_management_system_project:hotel_management_system	hotel management system project hotel management system	eq	1.0

References

gist.github.com/ziyishen97/c464b459df73c4cef241e7ec774b7cf6

github.com/tramyardg/hotel-mgmt-system

Social References