Lucene search

[email protected]CVE-2023-34486

HistoryJun 29, 2023 - 2:15 p.m.

CVE-2023-34486

2023-06-2914:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-34486

online hotel management system

php

xss

cross site scripting

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

31.2%

JSON

itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote code execution can be achieved by entering malicious code in the date selection box.

Affected configurations

NVD

Node

online_hotel_management_system_projectonline_hotel_management_systemMatch1.0.0

CPENameOperatorVersion
online_hotel_management_system_project:online_hotel_management_systemonline hotel management system project online hotel management systemeq1.0.0

CPE	Name	Operator	Version
online_hotel_management_system_project:online_hotel_management_system	online hotel management system project online hotel management system	eq	1.0.0

References

github.com/JunyanYip/itsourcecode_justines_xss_vul

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

31.2%

JSON

Related for CVE-2023-34486

prion1 nvd1 cvelist1