Refine your search
1 vulnerability found for Hotel Management by Kashipara Group
CVE-2023-49272 (GCVE-0-2023-49272)
Vulnerability from nvd
Published
2023-12-20 19:25
Modified
2025-05-19 14:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kashipara Group | Hotel Management |
Version: 1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:44.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://fluidattacks.com/advisories/lang/"
},
{
"tags": [
"product",
"x_transferred"
],
"url": "https://www.kashipara.com/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hotel Management",
"vendor": "Kashipara Group",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"datePublic": "2023-12-06T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eHotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The \u0027children\u0027 parameter of the reservation.php resource\u0026nbsp;is copied into the HTML document as plain text\u0026nbsp;between tags. Any input is echoed unmodified in the\u0026nbsp;application\u0027s response.\u003c/p\u003e"
}
],
"value": "Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The \u0027children\u0027 parameter of the reservation.php resource\u00a0is copied into the HTML document as plain text\u00a0between tags. Any input is echoed unmodified in the\u00a0application\u0027s response."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T14:47:29.612Z",
"orgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"shortName": "Fluid Attacks"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://fluidattacks.com/advisories/lang/"
},
{
"tags": [
"product"
],
"url": "https://www.kashipara.com/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Hotel Management v1.0 - Multiple Reflected Cross-Site Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "84fe0718-d6bb-4716-a7e8-81a6d1daa869",
"assignerShortName": "Fluid Attacks",
"cveId": "CVE-2023-49272",
"datePublished": "2023-12-20T19:25:08.511Z",
"dateReserved": "2023-11-24T16:25:53.193Z",
"dateUpdated": "2025-05-19T14:47:29.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}