30 matches found
EUVD-2020-18131
Malware in sbrugna...
EUVD-2020-19891
Malware in sbrugna...
CVE-2021-37330
Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting XSS. The Avatar upload in the My Profile section could be exploited to upload a malicious SVG file which contains Javascript. Now if another user/admin views the profile and clicks to view his avatar, an XSS will trigge...
CVE-2020-27379
Cross Site Request Forgery CSRF vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 . The CSRF token is not being validated when the request is sent as a GET method. This results in an unauthorized change in the user's email ID, which can later be used to reset the password...
CVE-2020-25444
Cross Site Scripting XSS vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the 1 "About Yourself” section under the “My Profile” page, " 2 “Hotel Policy” field under the “Hotel Details” page, 3 “Pricing code” and “name” fields under the “Manage Tour” page, and 4 all t...
Booking Core Cross-Site Scripting Vulnerability
Booking Core is a Laravel-based booking system designed as an application for travel websites, shopping malls, travel agencies, tour operators, bed and breakfasts, villa rentals, resort rentals, and Make Travel websites. A cross-site scripting vulnerability exists in Booking Core. The vulnerabili...
Booking Core Access Control Error Vulnerability
Booking Core is a software application. A Laravel based booking system designed for travel websites, malls, travel agencies, tour operators, B&Bs, villa rentals, resort rentals, Make Travel websites. An Access Control Error vulnerability exists in Booking Core 2.0, which can be exploited by an...
CVE-2021-37331
Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or Trade License and viewing it, ID Cards and Trade Licenses of other vendors/users can be viewed by changing the URL...
CVE-2021-37333
Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at sandbox.bookingcore.org/user/profile/change-password does not invalidate a session that is opened in a different browser...
CVE-2021-37333
Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at sandbox.bookingcore.org/user/profile/change-password does not invalidate a session that is opened in a different browser...
Booking Core 授权问题漏洞
Booking Core is a software application. A Laravel based booking system designed for travel websites, malls, travel agencies, tour operators, B&Bs, villa rentals, resort rentals, Make Travel websites. An Access Control Error vulnerability exists in Booking Core 2.0, which can be exploited by an...
Booking Core 跨站脚本漏洞
Booking Core is a Laravel-based booking system designed as an application for travel websites, shopping malls, travel agencies, tour operators, bed and breakfasts, villa rentals, resort rentals, and Make Travel websites. A cross-site scripting vulnerability exists in Booking Core. The vulnerabili...
Booking Core has an unspecified vulnerability
Booking Core is an application. A Laravel-based booking system designed for travel websites, malls, travel agents, tour operators, B&Bs, villa rentals, resort rentals, Make Travel websites.Booking Core has a security vulnerability that stems from the subscription functionality in Ultimate Booking...
Booking Core Cross-Site Scripting Vulnerability
Booking Core is an application. A Laravel-based booking system designed for travel websites, malls, travel agents, tour operators, B&Bs, villa rentals, resort rentals, Make Travel websites.Booking Core suffers from a cross-site scripting vulnerability, which stems from a cross-site scripting XSS...
CVE-2020-25444
Cross Site Scripting XSS vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the 1 "About Yourself” section under the “My Profile” page, " 2 “Hotel Policy” field under the “Hotel Details” page, 3 “Pricing code” and “name” fields under the “Manage Tour” page, and 4 all t...
CVE-2020-25444
Cross Site Scripting XSS vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the 1 "About Yourself” section under the “My Profile” page, " 2 “Hotel Policy” field under the “Hotel Details” page, 3 “Pricing code” and “name” fields under the “Manage Tour” page, and 4 all t...
CVE-2020-25445
The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed...
CVE-2020-27379
Cross Site Request Forgery CSRF vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 . The CSRF token is not being validated when the request is sent as a GET method. This results in an unauthorized change in the user's email ID, which can later be used to reset the password...
CVE-2020-27379
Cross Site Request Forgery CSRF vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 . The CSRF token is not being validated when the request is sent as a GET method. This results in an unauthorized change in the user's email ID, which can later be used to reset the password...
Cross site request forgery (csrf)
Cross Site Request Forgery CSRF vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 . The CSRF token is not being validated when the request is sent as a GET method. This results in an unauthorized change in the user's email ID, which can later be used to reset the password...