CVE-2023-49272

Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.
Configurations

Configuration 1 (hide)

cpe:2.3:a:kashipara:hotel_management:1.0:*:*:*:*:*:*:*

History

19 May 2025, 15:15

Type Values Removed Values Added
Summary (en) Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. (en) Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.

21 Nov 2024, 08:33

Type Values Removed Values Added
References () https://fluidattacks.com/advisories/lang/ - Third Party Advisory () https://fluidattacks.com/advisories/lang/ - Third Party Advisory
References () https://www.kashipara.com/ - Product () https://www.kashipara.com/ - Product

01 Feb 2024, 18:06

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.1
v2 : unknown
v3 : 5.4

26 Dec 2023, 21:38

Type Values Removed Values Added
Summary
  • (es) Hotel Management v1.0 es afectado por múltiples vulnerabilidades de cross site scripting reflejadas y autenticadas. El parámetro 'children' del recurso reservation.php se copia en el documento HTML como texto plano entre etiquetas. Cualquier entrada se repite sin modificaciones en la respuesta de la aplicación.
References () https://fluidattacks.com/advisories/lang/ - () https://fluidattacks.com/advisories/lang/ - Third Party Advisory
References () https://www.kashipara.com/ - () https://www.kashipara.com/ - Product
First Time Kashipara hotel Management
Kashipara
CVSS v2 : unknown
v3 : 5.4
v2 : unknown
v3 : 6.1
CPE cpe:2.3:a:kashipara:hotel_management:1.0:*:*:*:*:*:*:*

20 Dec 2023, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-20 20:15

Updated : 2025-05-19 15:15


NVD link : CVE-2023-49272

Mitre link : CVE-2023-49272

CVE.ORG link : CVE-2023-49272


JSON object : View

Products Affected

kashipara

  • hotel_management
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')