Lucene search
K
JayeshHotel Management System

14 matches found

CVE
CVE
added 2024/08/22 12:0 a.m.66 views

CVE-2024-42769

CVE-2024-42769 is a reflected XSS vulnerability in Kashipara Hotel Management System v1.0. The issue affects the endpoint "/core/signup_user.php" where user_fname and user_lname are unsafely handled, allowing an attacker to inject scripts and potentially hijack user sessions through crafted input...

6.1CVSS6.6AI score0.00444EPSS
Web
CVE
CVE
added 2024/08/22 12:0 a.m.61 views

CVE-2024-42772

CVE-2024-42772 is a broken access control vulnerability in Kashipara Hotel Management System v1.0. An unauthenticated attacker can access /admin/rooms.php to view valid hotel room entries in the administrator interface, due to an incorrect access control check. The issue affects the administrator...

7.5CVSS6.8AI score0.00484EPSS
CVE
CVE
added 2024/08/22 12:0 a.m.56 views

CVE-2024-42773

CVE-2024-42773 - Kashipara Hotel Management System v1.0 suffers an incorrect access control vulnerability in the admin path. The issue resides in the file /admin/edit_room_controller.php and allows an unauthenticated attacker to edit valid hotel room entries in the administrator section. The IA/i...

9.1CVSS7AI score0.00488EPSS
Web
CVE
CVE
added 2023/12/20 7:25 p.m.55 views

CVE-2023-49272

Hotel Management v1.0 is affected by multiple authenticated Reflected XSS flaws. The vulnerability stems from the children parameter in reservation.php, whose value is echoed into the HTML document as plain text. This could allow attackers who have valid access to craft inputs that are reflected ...

5.4CVSS5.4AI score0.00374EPSS
CVE
CVE
added 2024/08/22 12:0 a.m.53 views

CVE-2024-42767

CVE-2024-42767 affects Kashipara Hotel Management System v1.0, with an Unrestricted File Upload vulnerability enabling Remote Code Execution through /admin/add_room_controller.php. Public sources consistently describe the flaw as a lack of validation of uploaded files, allowing an attacker to upl...

7.2CVSS6.9AI score0.00579EPSS
CVE
CVE
added 2024/08/22 12:0 a.m.53 views

CVE-2024-42770

CVE-2024-42770 affects Kashipara Hotel Management System v1.0. A Stored XSS exists in /core/signup_user.php via the user_email parameter, enabling an attacker to inject scripts executed in the victim’s browser. The CVSSv3.1 base score is 4.7 (Network attack, low complexity, no privileges, user in...

4.7CVSS6.4AI score0.00485EPSS
Web
CVE
CVE
added 2024/08/22 12:0 a.m.52 views

CVE-2024-42771

CVE-2024-42771 affects Kashipara Hotel Management System v1.0, specifically the /admin/edit_room_controller.php endpoint. The vulnerability is Stored XSS via the room_name parameter, allowing remote attackers to inject and execute arbitrary scripts in the context of the affected web application. ...

4.8CVSS6.5AI score0.00424EPSS
Web
CVE
CVE
added 2024/08/22 12:0 a.m.50 views

CVE-2024-42774

CVE-2024-42774 affects Kashipara Hotel Management System v1.0. The issue is an Incorrect Access Control in the admin endpoint “/admin/delete_room.php” that allows an unauthenticated attacker to delete valid hotel room entries in the administrator section. Multiple sources corroborate the vulnerab...

7.5CVSS6.9AI score0.00412EPSS
CVE
CVE
added 2024/08/22 12:0 a.m.49 views

CVE-2024-42768

CVE-2024-42768 relates to a Cross-Site Request Forgery affecting Kashipara Hotel Management System v1.0, exploitable via the admin/delete_room.php endpoint. The connected sources confirm the issue and its existence but do not provide concrete details on root cause beyond CSRF and do not specify v...

6.8CVSS7AI score0.00173EPSS
CVE
CVE
added 2024/08/22 12:0 a.m.46 views

CVE-2024-42776

Kashipara Hotel Management System v1.0 is affected by an Incorrect Access Control vulnerability exploitable via /admin/users.php. The CVE describes unauthorized access with network attack vector, requiring high privileges, and with no user interaction, potentially impacting confidentiality, integ...

7.2CVSS6.8AI score0.00535EPSS
CVE
CVE
added 2024/08/22 12:0 a.m.44 views

CVE-2024-42775

The CVE concerns Kashipara Hotel Management System v1.0, where an Incorrect Access Control flaw in /admin/add_room_controller.php allows an unauthenticated attacker to add valid hotel room entries via direct URL access. The issue is documented across multiple feeds (NVD, Red Hat, CNVD, CNVDCN, CN...

9.1CVSS6.7AI score0.00484EPSS
CVE
CVE
added 2023/12/20 5:41 p.m.39 views

CVE-2023-49269

CVE-2023-49269 affects Hotel Management v1.0. The vulnerability is an authenticated Reflected Cross-Site Scripting (XSS) in the adults parameter of reservation.php, where input is echoed unmodified in the HTML response and copied into the page between tags. Affected component: reservation.php in ...

5.4CVSS5.4AI score0.00368EPSS
CVE
CVE
added 2023/12/20 7:21 p.m.39 views

CVE-2023-49270

Affected product/versions: Hotel Management v1.0. Vulnerability type: Authenticated Reflected Cross-Site Scripting (XSS). The vulnerability arises because the check_in_date parameter in reservation.php is echoed into the HTML response as plain text between tags, allowing injection of arbitrary HT...

5.4CVSS5.4AI score0.00383EPSS
CVE
CVE
added 2023/12/20 7:24 p.m.33 views

CVE-2023-49271

CVE-2023-49271 affects Hotel Management v1.0. The vulnerability is a set of authenticated Reflected Cross-Site Scripting (XSS) flaws in reservation.php where the check_out_date parameter is copied into the HTML as plaintext and any input is echoed back in the response. Affected component is the r...

5.4CVSS5.4AI score0.00383EPSS