PT-2024-11733 · Unknown · Online Flight Booking Management System

Aaditya Singh Rajawat · Published 2024-03-07 · Updated 2025-05-01 · CVE-2022-46091

CVSS v3.1: 4.7 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions
Online Flight Booking Management System version 1.0

Description
The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter in the feedback form. This enables the execution of malicious code on the client side.

Recommendations
For Online Flight Booking Management System version 1.0, consider validating and sanitizing user input in the feedback form to prevent the injection of malicious payloads into the airline parameter. As a temporary workaround, restrict access to the feedback form until a proper fix is implemented.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers
CVE-2022-46091

Affected Products
Online Flight Booking Management System