Filtered by vendor Kashipara Subscriptions
Filtered by product Hotel Management Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-49272 1 Kashipara 1 Hotel Management 2024-11-21 5.4 Medium
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.
CVE-2023-49271 1 Kashipara 1 Hotel Management 2024-11-21 5.4 Medium
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.
CVE-2023-49270 1 Kashipara 1 Hotel Management 2024-11-21 5.4 Medium
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.
CVE-2024-42770 1 Kashipara 1 Hotel Management 2024-08-23 4.7 Medium
A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_email" parameter.
CVE-2024-42768 1 Kashipara 1 Hotel Management 2024-08-23 6.8 Medium
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php.