CVE-2023-49271

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Dec 20, 2023

Updated: Dec 26, 2023

CWE ID 79

Summary

CVE-2023-49271: The Hotel Management v1.0 system is affected by multiple authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities. Maliciously crafted input can be reflected off the 'check_out_date' parameter in the reservation.php resource, leading to the injection of malicious scripts. The application fails to sanitize user input, resulting in the scripts being directly echoed into the HTML document. This issue poses a significant risk to users who interact with the application and could potentially lead to data theft or unauthorized access.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tjH9eK
https://www.cve.org/CVERecord?id=CVE-2023-49271
https://nvd.nist.gov/vuln/detail/CVE-2023-49271

Back to Vulnerability Database

CVE-2023-49271

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations