CVE-2023-49269 Information
Dec 22, 2023
cve
Description
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The ‘adults’ parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application’s response.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Reference
https://fluidattacks.com/advisories/lang/ https://www.kashipara.com/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
LOW
Base Score
LOW
Base Severity
5.4
Share on: