Multiple XSS Vulnerabilities in Travelon Express by Travelon
CVE-2012-2938

Currently unrated

Key Information:

Vendor: Itechscripts
Status: Travelon Express
Vendor: CVE Published:; 27 May 2012

🔔 Create Itechscripts Vulnerability Alert

What is CVE-2012-2938?

Travelon Express version 6.2.2 is vulnerable to multiple cross-site scripting (XSS) attacks, which allow remote attackers to inject arbitrary web scripts or HTML. This vulnerability is triggered specifically through user input fields like the holiday name, which can compromise the security of web applications, leading to potential data theft or unauthorized actions when users interact with the affected pages, such as holiday_add.php or holiday_view.php.

References

http://www.securityfocus.com/bid/53500

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/75541

vdb-entryx_refsource_XF

http://www.vulnerability-lab.com/get_content.php?id=530

x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 27, 2012
Vulnerability Reserved
May 27, 2012