3 matches found
CVE-2023-4112
PHP Jabbers Shuttle Booking Software 1.0 contains a Cross-Site Scripting (XSS) flaw in /index.php. The Nuclei template and ExploitDB entry describe an attacker sending a malicious URL via email/IM to exploit RXSS and potentially steal session tokens or credentials. Root cause: insufficient saniti...
CVE-2023-48172
CVE-2023-48172 affects Shuttle Booking Software v2.0 (PHP Jabbers). The vulnerability is a Cross Site Scripting (XSS) flaw that allows a remote attacker to inject JavaScript via the name, description, title, or address parameters sent to index.php. Public exploit discussions (e.g., PacketStorm an...
CVE-2023-48830
Shuttle Booking Software 2.0 is affected by CVE-2023-48830 due to CSV injection in the Languages section during export. The root cause is insufficient input validation on the Unique ID field in the Reservations list used to construct CSV exports. Impact is exposure of injected content in exported...