CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0504 – code-projects Simple Online Hotel Reservation System Make a Reservation Page add_reserve.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-0504
A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file add_reserve.php of the component Make a Reservation Page. The manipulation of the argument Firstname/Lastname with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1BIa4jfZ9FbW9d7O3tRdAKF3tb6b5NUB6/view?usp=sharing https://vuldb.com/?ctiid.250618 https://vuldb.com/?id.250618 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-1561 – code-projects Simple Online Hotel Reservation System add_room.php unrestricted upload
https://notcve.org/view.php?id=CVE-2023-1561
A vulnerability, which was classified as critical, was found in code-projects Simple Online Hotel Reservation System 1.0. Affected is an unknown function of the file add_room.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. VDB-223554 is the identifier assigned to this vulnerability. • https://github.com/sincere9/Bug-Hub/blob/main/SIMPLE%20ONLINE%20HOTEL%20RESERVATION%20SYSTEM/SIMPLE%20ONLINE%20HOTEL%20RESERVATION%20SYSTEM%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf https://vuldb.com/?ctiid.223554 https://vuldb.com/?id.223554 • CWE-434: Unrestricted Upload of File with Dangerous Type •