PT-2023-31139 · Unknown · Hotel Management
Andres Roldan
·
Published
2023-12-20
·
Updated
2026-01-06
·
CVE-2023-49271
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Hotel Management version 1.0
Description
The issue concerns multiple authenticated Reflected Cross-Site Scripting vulnerabilities. Specifically, the
check out date parameter of the "reservation.php" resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.Recommendations
For Hotel Management version 1.0, consider disabling the
check out date parameter in the reservation.php resource until a patch is available. Restrict access to the reservation.php resource to minimize the risk of exploitation. Avoid using the check out date parameter in the affected resource until the issue is resolved.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hotel Management