CVSS: 6.1EPSS: 3%CPEs: 1EXPL: 3CVE-2014-4035 – BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-4035
11 Jun 2014 — Cross-site scripting (XSS) vulnerability in booking_details.php in Best Soft Inc. (BSI) Advance Hotel Booking System 2.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter. Vulnerabilidad de XSS en booking_details.php en Best Soft Inc. (BSI) Advance Hotel Booking System 2.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro del título. BSI Advance Hotel Booking System version 2.0 suffers from a persistent cross site s... • https://packetstorm.news/files/id/154024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 4CVE-2010-4814 – BSI Advance Hotel Booking System 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2010-4814
08 Jul 2011 — SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) Advance Hotel Booking System 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. Vulnerabilidad de inyección SQL en index1.php en Best Soft Inc. (BSI) Advance Hotel Booking System v1.0 permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "page". • https://www.exploit-db.com/exploits/15531 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •