6 matches found
Reservit Hotel 2.1 - Stored Cross-Site Scripting (XSS)
Exploit Title: Reservit Hotel Content 3. Add the following payload to the Button text French field sane save: " style=animation-name:rotation onanimationstart=alert/XSS/// 4. The XSS will trigger upon saving and when any user will access the content dashboard again References:...
CVE-2024-9458
creationtimestamp| type| source ---|---|--- 2025-03-07 10:35:14+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6826 2025-03-07 12:25:40+00:00| seen| https://t.me/cvedetector/19803 2025-03-07 14:05:00+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ljs6huat622f 2025-03-08...
CVE-2024-9458
The Reservit Hotel WordPress plugin before 3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9458 Reservit Hotel < 3.0 - Admin+ Stored XSS
The Reservit Hotel WordPress plugin before 3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9458 Reservit Hotel < 3.0 - Admin+ Stored XSS
The Reservit Hotel WordPress plugin before 3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-9458
CVE-2024-9458 concerns the Reservit Hotel WordPress plugin, affected versions prior to 3.0. The root cause is failure to adequately sanitize and escape certain settings, which can permit stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, including multisite...