PT-2022-9001 · Unknown · Sourcecodester Multi Restaurant Table Reservation System

Yunaranyancat

Published

2022-07-15

Updated

2022-07-21

CVE-2020-36552

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions sourcecodester Multi Restaurant Table Reservation System version 1.0

Description The issue is related to a Cross Site Scripting (XSS) vulnerability. It can be exploited via the Made field to the "/dashboard/menu-list.php" API endpoint.

Recommendations For sourcecodester Multi Restaurant Table Reservation System version 1.0, consider restricting access to the "/dashboard/menu-list.php" endpoint until a fix is available. As a temporary workaround, avoid using the Made field in this endpoint to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-36552

Affected Products

Sourcecodester Multi Restaurant Table Reservation System

PT-2022-9001 · Unknown · Sourcecodester Multi Restaurant Table Reservation System

CVE-2020-36552

Weakness Enumeration

Related Identifiers

Affected Products

References · 7