Stored Cross Site Scripting (XSS) Vulnerability in Kashipara Hotel Management System
CVE-2024-42770

4.7MEDIUM

Key Information:

Vendor

Kashipara Hotel Management System

Status
Hotel Management System
Vendor
CVE Published:
22 August 2024

What is CVE-2024-42770?

A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_email" parameter.

References

https://www.kashipara.com/
https://github.com/takekaramey/CVE_Writeup/blob/main/Kash...

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

.