2 results (0.014 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export. Shuttle Booking Software 2.0 es vulnerable a la inyección CSV en la sección Idiomas a través de una exportación. PHPJabbers Shuttle Booking Software version 2.0 suffers from a CSV injection vulnerability. • http://packetstormsecurity.com/files/176038 https://www.phpjabbers.com/shuttle-booking-software • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php. Vulnerabilidad de Cross Site Scripting (XSS) en Shuttle Booking Software 2.0 permite a un atacante remoto inyectar JavaScript a través del nombre, descripción, título o parámetro de dirección en index.php. Shuttle Booking Software version 2.0 suffers from multiple persistent cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/175800 https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48172 https://www.phpjabbers.com/shuttle-booking-software • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •