PT-2020-15616 · Php · Online Hotel Booking System Pro

Published

2020-08-27

Updated

2020-09-02

CVE-2020-23984

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Online Hotel Booking System Pro PHP version 1.3

Description The issue is related to Persistent Cross-site Scripting in the customer registration form, allowing malicious code to be executed. This affects the all-tags section of the form.

Recommendations For version 1.3, update the customer registration form to properly sanitize and validate user input to prevent the execution of malicious code. As a temporary workaround, consider disabling the registration form until a patch is available. Restrict access to the registration form to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-23984

Affected Products

Online Hotel Booking System Pro

PT-2020-15616 · Php · Online Hotel Booking System Pro

CVE-2020-23984

Weakness Enumeration

Related Identifiers

Affected Products

References · 3