CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48830 – PHPJabbers Shuttle Booking Software 2.0 CSV Injection
https://notcve.org/view.php?id=CVE-2023-48830
04 Dec 2023 — Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export. Shuttle Booking Software 2.0 es vulnerable a la inyección CSV en la sección Idiomas a través de una exportación. PHPJabbers Shuttle Booking Software version 2.0 suffers from a CSV injection vulnerability. • https://packetstorm.news/files/id/176038 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48172 – Shuttle Booking Software 2.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-48172
20 Nov 2023 — A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php. Vulnerabilidad de Cross Site Scripting (XSS) en Shuttle Booking Software 2.0 permite a un atacante remoto inyectar JavaScript a través del nombre, descripción, título o parámetro de dirección en index.php. Shuttle Booking Software version 2.0 suffers from multiple persistent cross site scripting vulnerabilities. • https://packetstorm.news/files/id/175800 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •