6 matches found
CVE-2024-42763
CVE-2024-42763 : A reflected XSS in Kashipara Bus Ticket Reservation System v1.0, exploitable via the /schedule.php?bookingdate parameter. The root cause is insufficient filtering/escaping of user input for bookingdate, enabling arbitrary script execution. Documented by multiple sources (NVD, Red...
CVE-2024-42761
CVE-2024-42761 : A Stored XSS vulnerability exists in Kashipara Bus Ticket Reservation System v1.0, exploitable via the /admin_schedule.php endpoint and the scheduleDurationPHP parameter. Connected documents consistently describe a lack of proper input validation/escaping in this endpoint, enabli...
CVE-2024-42765
CVE-2024-42765 describes a SQL injection in Kashipara Bus Ticket Reservation System v1.0, triggered on the "/login.php" page via the email or password parameters due to lack of input validation. Exploitation permits remote attackers to execute arbitrary SQL and bypass login, potentially gaining u...
CVE-2024-42762
CVE-2024-42762 affects Kashipara Bus Ticket Reservation System v1.0, specifically the /history.php endpoint where Stored XSS is possible via Name, Phone, and Email parameters. Root cause: inadequate input handling/escaping leading to script execution. Impact: attacker can run arbitrary scripts in...
CVE-2024-42764
CVE-2024-42764 affects Kashipara Bus Ticket Reservation System v1.0. The public details show a CSRF vulnerability in /deleteTicket.php that allows forging requests without user interaction, aligning with a network-based attack vector. The CVE metrics describe low confidentiality impact but high i...
CVE-2024-42766
Kashipara Bus Ticket Reservation System v1.0.0 is reported vulnerable to Incorrect Access Control via the /deleteTicket.php endpoint, enabling unauthorized actions such as deleting bookings. The root cause is broken access control; the impact is access/modify/admin actions outside the intended pe...