Lucene search

[email protected]NVD:CVE-2023-34486

HistoryJun 29, 2023 - 2:15 p.m.

CVE-2023-34486

2023-06-2914:15:09

CWE-79

[email protected]

web.nvd.nist.gov

online hotel management

php

xss

vulnerability

remote code execution

date selection box

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

36.4%

JSON

itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote code execution can be achieved by entering malicious code in the date selection box.

Affected configurations

Nvd

Node

online_hotel_management_system_projectonline_hotel_management_systemMatch1.0.0

VendorProductVersionCPE
online_hotel_management_system_projectonline_hotel_management_system1.0.0cpe:2.3:a:online_hotel_management_system_project:online_hotel_management_system:1.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
online_hotel_management_system_project	online_hotel_management_system	1.0.0	cpe:2.3:a:online_hotel_management_system_project:online_hotel_management_system:1.0.0:::::::*

References

github.com/JunyanYip/itsourcecode_justines_xss_vul

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

36.4%

JSON

Related for NVD:CVE-2023-34486

prion1 cvelist1 cve1