CVE-2023-48172

Name of the Vulnerable Software and Affected Versions Shuttle Booking Software version 2.0

Description A Cross Site Scripting (XSS) issue allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to "index.php". This enables the attacker to execute malicious scripts on the victim's browser.

Recommendations For Shuttle Booking Software version 2.0, as a temporary workaround, consider validating and sanitizing user input for the name, description, title, and address parameters to prevent JavaScript injection. Restrict access to the "index.php" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.