Reflected XSS Vulnerability in BA Book Everything

CVE-2024-47360

Summary

The BA Book Everything product by Booking Algorithms is susceptible to an improper neutralization of input during web page generation, leading to a reflected cross-site scripting (XSS) vulnerability. This vulnerability allows attackers to inject malicious scripts into web pages viewed by users, potentially compromising user data and security. The affected versions include those up to and including 1.6.20. Website administrators are advised to apply necessary security measures to mitigate the risk associated with this vulnerability and protect user information.

References