Lucene search
K
KjayvikBus Ticket Reservation System

6 matches found

CVE
CVE
added 2024/08/22 12:0 a.m.65 views

CVE-2024-42763

CVE-2024-42763 : A reflected XSS in Kashipara Bus Ticket Reservation System v1.0, exploitable via the /schedule.php?bookingdate parameter. The root cause is insufficient filtering/escaping of user input for bookingdate, enabling arbitrary script execution. Documented by multiple sources (NVD, Red...

5.4CVSS6.7AI score0.00415EPSS
CVE
CVE
added 2024/08/22 12:0 a.m.61 views

CVE-2024-42761

CVE-2024-42761 : A Stored XSS vulnerability exists in Kashipara Bus Ticket Reservation System v1.0, exploitable via the /admin_schedule.php endpoint and the scheduleDurationPHP parameter. Connected documents consistently describe a lack of proper input validation/escaping in this endpoint, enabli...

6.1CVSS6.4AI score0.00444EPSS
CVE
CVE
added 2024/08/23 12:0 a.m.59 views

CVE-2024-42765

CVE-2024-42765 describes a SQL injection in Kashipara Bus Ticket Reservation System v1.0, triggered on the "/login.php" page via the email or password parameters due to lack of input validation. Exploitation permits remote attackers to execute arbitrary SQL and bypass login, potentially gaining u...

9.8CVSS8.9AI score0.00694EPSS
CVE
CVE
added 2024/08/22 12:0 a.m.54 views

CVE-2024-42762

CVE-2024-42762 affects Kashipara Bus Ticket Reservation System v1.0, specifically the /history.php endpoint where Stored XSS is possible via Name, Phone, and Email parameters. Root cause: inadequate input handling/escaping leading to script execution. Impact: attacker can run arbitrary scripts in...

5.4CVSS6.4AI score0.00415EPSS
CVE
CVE
added 2024/08/23 12:0 a.m.54 views

CVE-2024-42764

CVE-2024-42764 affects Kashipara Bus Ticket Reservation System v1.0. The public details show a CSRF vulnerability in /deleteTicket.php that allows forging requests without user interaction, aligning with a network-based attack vector. The CVE metrics describe low confidentiality impact but high i...

9.4CVSS7.3AI score0.00299EPSS
CVE
CVE
added 2024/08/23 12:0 a.m.52 views

CVE-2024-42766

Kashipara Bus Ticket Reservation System v1.0.0 is reported vulnerable to Incorrect Access Control via the /deleteTicket.php endpoint, enabling unauthorized actions such as deleting bookings. The root cause is broken access control; the impact is access/modify/admin actions outside the intended pe...

5.4CVSS7.1AI score0.00296EPSS