Cross site scripting

2023-12-2020:15:00

PRIOn knowledge base

www.prio-n.com

xss vulnerability

hotel management v1.0

reflected cross-site scripting

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The ‘check_in_date’ parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application’s response.

CPENameOperatorVersion
hotel_managementeq1.0

CPE	Name	Operator	Version
	hotel_management	eq	1.0

References

fluidattacks.com/advisories/lang/

www.kashipara.com/