PT-2025-22923 · Unknown · Summer Pearl Group Vacation Rental Management Platform
Alexperrakis
·
Published
2025-05-26
·
Updated
2025-05-26
·
CVE-2025-5181
CVSS v3.1
4.1
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Summer Pearl Group Vacation Rental Management Platform version 1.0.1
Description
A vulnerability was found in the Summer Pearl Group Vacation Rental Management Platform, affecting an unknown part of the file /spgpm/updateListing. The manipulation of the argument
spgLsTitle leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.Recommendations
For Summer Pearl Group Vacation Rental Management Platform version 1.0.1, upgrade to version 1.0.2 to address this issue. As a temporary workaround, consider restricting access to the
/spgpm/updateListing endpoint until the upgrade is applied. Additionally, avoid using the spgLsTitle argument in the affected endpoint until the issue is resolved.Exploit
Fix
IDOR
Code Injection
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Summer Pearl Group Vacation Rental Management Platform