Lucene search
+L

145 matches found

CVE
CVE
added 2023/09/07 12:19 p.m.2488 views

CVE-2023-39421

CVE-2023-39421 involves the RDPWin.dll component used by the IRM Next Generation booking engine, which contains hardcoded API keys for third‑party services (Twilio, Vonage). The root cause is hardcoded credentials in RDPWin.dll, enabling unrestricted interaction with these services. NVD assigns a...

7.7CVSS7.6AI score0.00392EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/09/07 12:0 a.m.6 views

Internet Reservation Module Booking Engine SQL Injection Vulnerability

Internet Reservation Module Booking Engine is a reservation platform. An SQL injection vulnerability exists in Internet Reservation Module Booking Engine. An attacker can exploit this vulnerability to disclose the session table, obtain a currently valid session, and impersonate the currently logg...

9.1CVSS7.8AI score0.00468EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/09/07 12:0 a.m.9 views

Internet Reservation Module Booking Engine Code Issue Vulnerability

Internet Reservation Module Booking Engine is a booking platform. A code issue vulnerability exists in Internet Reservation Module Booking Engine. An attacker could use this vulnerability to upload arbitrary content, such as a web shell component, to a SQL database and execute it with system...

9.9CVSS7.9AI score0.00737EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/09/07 12:0 a.m.7 views

engine Trust Management Gaps

Internet Reservation Module Booking Engine is a booking platform. A trust management issue vulnerability exists in IRM Next Generation booking engine, which arises from the use of HMAC tokens to authenticate requests, but these tokens are exposed in JavaScript files loaded by the client...

9.8CVSS6.7AI score0.00355EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/09/07 12:0 a.m.8 views

Internet Reservation Module Booking Engine Trust Management Issue Vulnerability

Internet Reservation Module Booking Engine is a reservation platform. A trust management issue vulnerability exists in Internet Reservation Module Booking Engine, which arises from the use of hard-coded API keys...

7.7CVSS6.8AI score0.00392EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/09/07 12:0 a.m.8 views

PT-2023-26943 · Unknown · Irm Next Generation

Name of the Vulnerable Software and Affected Versions: IRM Next Generation booking engine affected versions not specified Description: The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticate requests using HMAC tokens. However, these tokens are exposed in a...

9.8CVSS9.5AI score0.00355EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/09/07 12:0 a.m.8 views

Internet Reservation Module Booking Engine Trust Management Issue Vulnerability

Internet Reservation Module Booking Engine is a booking platform. Internet Reservation Module Booking Engine has a trust management issue vulnerability that stems from...

9.9CVSS6.9AI score0.00548EPSS
Exploits0References2
OSV
OSV
added 2023/05/23 1:15 p.m.3 views

CVE-2023-25707

Cross-Site Request Forgery CSRF vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin = 1.5.12 versions...

8.8CVSS7.3AI score0.00232EPSS
Exploits0References1
NVD
NVD
added 2023/05/23 1:15 p.m.20 views

CVE-2023-25707

Cross-Site Request Forgery CSRF vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin = 1.5.12 versions...

8.8CVSS7.1AI score0.00232EPSS
Exploits0References1
Prion
Prion
added 2023/05/23 1:15 p.m.15 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin = 1.5.12 versions...

6.8CVSS8.7AI score0.00232EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/05/23 12:36 p.m.55 views

CVE-2023-25707

CVE-2023-25707: Cross-Site Request Forgery in the VikBooking Hotel Booking Engine & PMS WordPress plugin (versions

8.8CVSS7.5AI score0.00232EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/05/23 12:0 a.m.4 views

WordPress plugin VikBooking Hotel Booking Engine & PMS 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS8.1AI score0.00232EPSS
Exploits0References2
OSV
OSV
added 2023/04/06 2:15 p.m.5 views

CVE-2023-24396

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin = 1.5.11 versions...

4.8CVSS5.8AI score0.00392EPSS
Exploits0References1
NVD
NVD
added 2023/04/06 2:15 p.m.11 views

CVE-2023-24396

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin = 1.5.11 versions...

5.9CVSS5.4AI score0.00392EPSS
Exploits0References1
CVE
CVE
added 2023/04/06 1:14 p.m.48 views

CVE-2023-24396

CVE-2023-24396 affects the WordPress VikBooking Hotel Booking Engine & PMS plugin, versions 1.5.11 is recommended. Other sources corroborate XSS risk in affected versions and suggest patching as the mitigation. If exploiting details are not provided in the documents, note that exploitation specif...

5.9CVSS5AI score0.00392EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/04/06 1:14 p.m.35 views

CVE-2023-24396 WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.11 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin = 1.5.11 versions...

5.9CVSS5.5AI score0.00392EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/04/06 12:0 a.m.3 views

WordPress Plugin VikBooking Hotel Booking Engine & PMS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

5.9CVSS5AI score0.00392EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/02/15 12:0 a.m.12 views

WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.12 is vulnerable to Cross Site Request Forgery (CSRF)

Software VikBooking Hotel Booking Engine & PMS Type Plugin Vulnerable versions = 1.5.12 Fixed in 1.6.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25707 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 425db90a957f...

8.8CVSS6.6AI score0.00232EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/01/27 12:0 a.m.20 views

VikBooking Hotel Booking Engine & PMS < 1.5.12 - Admin+ Stored XSS

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS4.8AI score0.00392EPSS
Exploits0Affected Software1
NVD
NVD
added 2022/05/30 9:15 a.m.20 views

CVE-2022-1528

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting...

6.1CVSS0.00757EPSS
Exploits2References1
Rows per page
Query Builder