Lucene search

[email protected]CVE-2022-48091

HistoryJan 13, 2023 - 7:15 p.m.

CVE-2022-48091

2023-01-1319:15:11

CWE-79

[email protected]

web.nvd.nist.gov

tramyardg

hotel management system

2022.4

xss

process_update_profile.php

vulnerability

security

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

23.5%

JSON

Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting (XSS) via process_update_profile.php.

Affected configurations

NVD

Node

hotel_management_system_projecthotel_management_systemMatch2022-04-11

CPENameOperatorVersion
hotel_management_system_project:hotel_management_systemhotel management system project hotel management systemeq2022-04-11

CPE	Name	Operator	Version
hotel_management_system_project:hotel_management_system	hotel management system project hotel management system	eq	2022-04-11

References

github.com/tramyardg/hotel-mgmt-system/issues/22