PT-2025-22923 · Unknown · Summer Pearl Group Vacation Rental Management Platform
Alexperrakis
·
Publicado
2025-05-26
·
Atualizado
2025-05-26
·
CVE-2025-5181
CVSS v3.1
4.1
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Summer Pearl Group Vacation Rental Management Platform version 1.0.1
Description
A vulnerability was found in the Summer Pearl Group Vacation Rental Management Platform, affecting an unknown part of the file /spgpm/updateListing. The manipulation of the argument
spgLsTitle leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Recommendations
For Summer Pearl Group Vacation Rental Management Platform version 1.0.1, upgrade to version 1.0.2 to address this issue. As a temporary workaround, consider restricting access to the
/spgpm/updateListing endpoint until the upgrade is applied. Additionally, avoid using the spgLsTitle argument in the affected endpoint until the issue is resolved.Exploit
Correção
IDOR
Code Injection
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Summer Pearl Group Vacation Rental Management Platform