145 matches found
CVE-2023-39421
CVE-2023-39421 involves the RDPWin.dll component used by the IRM Next Generation booking engine, which contains hardcoded API keys for third‑party services (Twilio, Vonage). The root cause is hardcoded credentials in RDPWin.dll, enabling unrestricted interaction with these services. NVD assigns a...
Internet Reservation Module Booking Engine SQL Injection Vulnerability
Internet Reservation Module Booking Engine is a reservation platform. An SQL injection vulnerability exists in Internet Reservation Module Booking Engine. An attacker can exploit this vulnerability to disclose the session table, obtain a currently valid session, and impersonate the currently logg...
Internet Reservation Module Booking Engine Code Issue Vulnerability
Internet Reservation Module Booking Engine is a booking platform. A code issue vulnerability exists in Internet Reservation Module Booking Engine. An attacker could use this vulnerability to upload arbitrary content, such as a web shell component, to a SQL database and execute it with system...
engine Trust Management Gaps
Internet Reservation Module Booking Engine is a booking platform. A trust management issue vulnerability exists in IRM Next Generation booking engine, which arises from the use of HMAC tokens to authenticate requests, but these tokens are exposed in JavaScript files loaded by the client...
Internet Reservation Module Booking Engine Trust Management Issue Vulnerability
Internet Reservation Module Booking Engine is a reservation platform. A trust management issue vulnerability exists in Internet Reservation Module Booking Engine, which arises from the use of hard-coded API keys...
PT-2023-26943 · Unknown · Irm Next Generation
Name of the Vulnerable Software and Affected Versions: IRM Next Generation booking engine affected versions not specified Description: The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticate requests using HMAC tokens. However, these tokens are exposed in a...
Internet Reservation Module Booking Engine Trust Management Issue Vulnerability
Internet Reservation Module Booking Engine is a booking platform. Internet Reservation Module Booking Engine has a trust management issue vulnerability that stems from...
CVE-2023-25707
Cross-Site Request Forgery CSRF vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin = 1.5.12 versions...
CVE-2023-25707
Cross-Site Request Forgery CSRF vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin = 1.5.12 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin = 1.5.12 versions...
CVE-2023-25707
CVE-2023-25707: Cross-Site Request Forgery in the VikBooking Hotel Booking Engine & PMS WordPress plugin (versions
WordPress plugin VikBooking Hotel Booking Engine & PMS 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
CVE-2023-24396
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin = 1.5.11 versions...
CVE-2023-24396
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin = 1.5.11 versions...
CVE-2023-24396
CVE-2023-24396 affects the WordPress VikBooking Hotel Booking Engine & PMS plugin, versions 1.5.11 is recommended. Other sources corroborate XSS risk in affected versions and suggest patching as the mitigation. If exploiting details are not provided in the documents, note that exploitation specif...
CVE-2023-24396 WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.11 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin = 1.5.11 versions...
WordPress Plugin VikBooking Hotel Booking Engine & PMS 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.5.12 is vulnerable to Cross Site Request Forgery (CSRF)
Software VikBooking Hotel Booking Engine & PMS Type Plugin Vulnerable versions = 1.5.12 Fixed in 1.6.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25707 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID 425db90a957f...
VikBooking Hotel Booking Engine & PMS < 1.5.12 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-1528
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting...