A vulnerability has been found in SourceCodester Multi Language Hotel Management Software 1.0 and classified as problematic. This vulnerability affects unknown code of the file ajax.php of the component POST Parameter Handler. The manipulation of the argument complaint_type with the input <script>alert(document.cookie)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228172.
References
| Link | Resource |
|---|---|
| https://vuldb.com/?id.228172 | Third Party Advisory |
| https://vuldb.com/?ctiid.228172 | Permissions Required Third Party Advisory |
| https://github.com/admin-passwd/bug_report/blob/main/XSS-1.md | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
11 May 2023, 17:54
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
| First Time |
Multi Language Hotel Management Software Project
Multi Language Hotel Management Software Project multi Language Hotel Management Software |
|
| References | (MISC) https://vuldb.com/?id.228172 - Third Party Advisory | |
| References | (MISC) https://github.com/admin-passwd/bug_report/blob/main/XSS-1.md - Exploit, Third Party Advisory | |
| References | (MISC) https://vuldb.com/?ctiid.228172 - Permissions Required, Third Party Advisory | |
| CPE | cpe:2.3:a:multi_language_hotel_management_software_project:multi_language_hotel_management_software:1.0:*:*:*:*:*:*:* |
07 May 2023, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-05-07 15:15
Updated : 2024-05-17 02:23
NVD link : CVE-2023-2565
Mitre link : CVE-2023-2565
JSON object : View
Products Affected
multi_language_hotel_management_software_project
- multi_language_hotel_management_software
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')