Rental Script Security Vulnerabilities

CVE-2023-48837

Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country...

CVSS: 5.4, AI Score: 5.7, EPSS: 0.0004

2023-12-07 07:15 AM

CVE-2023-48835

Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export...

CVSS: 8.8, AI Score: 8.6, EPSS: 0.001

2023-12-07 07:15 AM

CVE-2023-48836

Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name...

CVSS: 5.4, AI Score: 5.2, EPSS: 0.0004

2023-12-07 07:15 AM

CVE-2023-48834

A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource...

CVSS: 7.5, AI Score: 7.4, EPSS: 0.001

2023-12-07 07:15 AM

CVE-2023-5585

A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/?page=bike of the component Bike List. The manipulation of the argument Model with the input ">confirm (document.cookie...

CVSS: 6.1, AI Score: 6, EPSS: 0.0005

2023-10-15 12:15 AM

CVE-2023-40764

User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid...

CVSS: 9.8, AI Score: 9.3, EPSS: 0.001

2023-08-28 01:15 PM

CVE-2023-40754

In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over...

CVSS: 8.8, AI Score: 8.7, EPSS: 0.001

2023-08-28 01:15 PM

CVE-2023-3757

A vulnerability classified as problematic has been found in GZ Scripts Car Rental Script 1.8. Affected is an unknown function of the file /EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3. The manipulation of the argument...

CVSS: 6.1, AI Score: 6, EPSS: 0.001

2023-07-19 05:15 AM

CVE-2023-3555

A vulnerability was found in GZ Scripts PHP Vacation Rental Script 1.8. It has been classified as problematic. This affects an unknown part of the file /preview.php. The manipulation of the argument page/layout/sort_by/property_id leads to cross site scripting. It is possible to initiate the...

CVSS: 6.1, AI Score: 6, EPSS: 0.0005

2023-07-10 04:15 PM

CVE-2012-6587

Cross-site scripting (XSS) vulnerability in vacation/1_mobile/alert_members.php in MYRE Vacation Rental Software allows remote attackers to inject arbitrary web script or HTML via the link_idd parameter in a login...

AI Score: 5.8, EPSS: 0.001

2022-10-03 04:15 PM

CVE-2019-7432

PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit...

CVSS: 5.4, AI Score: 5.7, EPSS: 0.001

2019-03-21 04:01 PM

CVE-2019-7433

PHP Scripts Mall Rental Bike Script 2.0.3 has Cross-Site Request Forgery (CSRF) via the Edit Profile...

CVSS: 8.8, AI Score: 8.8, EPSS: 0.001

2019-03-21 04:01 PM

CVE-2019-7434

PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads...

CVSS: 6.5, AI Score: 6.5, EPSS: 0.001

2019-03-21 04:01 PM

CVE-2018-20648

PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via...

CVSS: 8.8, AI Score: 8.8, EPSS: 0.001

2019-03-21 04:00 PM

CVE-2018-20647

PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/...

CVSS: 6.5, AI Score: 6.5, EPSS: 0.001

2019-03-21 04:00 PM

CVE-2018-15182

PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName...

CVSS: 5.4, AI Score: 5.3, EPSS: 0.001

2018-08-09 07:29 PM

CVE-2018-6904

PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile...

CVSS: 5.4, AI Score: 5.3, EPSS: 0.001

2018-04-12 10:29 PM

CVE-2017-17906

PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid...

CVSS: 9.8, AI Score: 9.9, EPSS: 0.002

2017-12-27 05:08 PM

CVE-2017-17907

PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename...

CVSS: 6.1, AI Score: 6, EPSS: 0.001

2017-12-27 05:08 PM

CVE-2017-17905

PHP Scripts Mall Car Rental Script has CSRF via...

CVSS: 8.8, AI Score: 8.7, EPSS: 0.001

2017-12-27 05:08 PM

CVE-2017-17637

Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val...

CVSS: 9.8, AI Score: 9.9, EPSS: 0.002

2017-12-13 09:29 AM

CVE-2017-2171

Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior...

CVSS: 6.1, AI Score: 6.1, EPSS: 0.001

2017-05-22 04:29 PM

CVE-2012-4324

Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation Rental Script allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a create action in the AdminUsers module to...

AI Score: 7.2, EPSS: 0.004

2012-08-14 09:55 PM

CVE-2010-0762

SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog...

AI Score: 8.7, EPSS: 0.003

2010-03-02 06:30 PM

CVE-2010-0631

Multiple SQL injection vulnerabilities in index.php in Eicra Car Rental-Script, when the plugin_id parameter is 4, allow remote attackers to execute arbitrary SQL commands via the (1) users (username) and (2) passwords...

AI Score: 8.8, EPSS: 0.001

2010-02-12 10:30 PM

CVE-2009-4616

Cross-site scripting (XSS) vulnerability in search.php in MYRE Holiday Rental Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1...

AI Score: 5.9, EPSS: 0.001

2010-01-18 08:30 PM

CVE-2008-5047

SQL injection vulnerability in admin/index.php in Mole Group Rental Script allows remote attackers to execute arbitrary SQL commands via the username...

AI Score: 8.4, EPSS: 0.001

2008-11-13 02:30 AM

CVE-2008-3603

SQL injection vulnerability in index.php in Vacation Rental Script 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sections...

AI Score: 8.3, EPSS: 0.001

2008-08-12 07:41 PM

CVE-2007-4192

Multiple cross-site scripting (XSS) vulnerabilities in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application...

AI Score: 5.8, EPSS: 0.006

2007-08-08 01:17 AM

CVE-2006-2651

Cross-site scripting (XSS) vulnerability in index.php in Vacation Rental Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the obj...

AI Score: 5.7, EPSS: 0.006

2006-05-30 10:02 AM