Cross Site Scripting Vulnerability in Shuttle Booking Software by PHPJabbers
CVE-2023-48172

5.4MEDIUM

Key Information:

Vendor: PHPjabbers
Status: Shuttle Booking Software
Vendor: CVE Published:; 7 December 2023

What is CVE-2023-48172?

The Shuttle Booking Software 2.0 contains a Cross Site Scripting vulnerability that enables remote attackers to inject malicious JavaScript code through user input fields such as name, description, title, or address parameters in index.php. This exploitation could potentially compromise user data and undermine the integrity of the application.

References

https://www.phpjabbers.com/shuttle-booking-software/

http://packetstormsecurity.com/files/175800

https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48172

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 7, 2023
Vulnerability Reserved
Nov 13, 2023

PHPjabbers

What is CVE-2023-48172?

References

CVSS V3.1

Timeline