CVE-2023-49272 Vulnerability Details


CVE-2023-49272 Metadata Quick Info

CVE Published: 20/12/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: Fluid Attacks | Vendor: Kashipara Group | Product: Hotel Management
Status: PUBLISHED

CVE-2023-49272 Description

Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.

Metrics

CVSS Version: 3.1 | Base Score: 5.4 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* LOW
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-79
CWE Name: CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
Source: Kashipara Group

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-63
CAPEC Description: CAPEC-63 Cross-Site Scripting (XSS)


Source: NVD (National Vulnerability Database).