CVE-2024-49294 – WordPress WpBusTicketly plugin <= 5.4.3 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-49294
06 Jan 2025 — Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Cross Site Request Forgery. This issue affects Bus Ticket Booking with Seat Reservation: from n/a through 5.4.3. The Bus Ticket Booking with Seat... • https://patchstack.com/database/wordpress/plugin/bus-ticket-booking-with-seat-reservation/vulnerability/wordpress-wpbusticketly-plugin-5-4-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-43985 – WordPress Bus Ticket Booking with Seat Reservation plugin <= 5.3.5 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-43985
28 Aug 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Stored XSS. This issue affects Bus Ticket Booking with Seat Reservation: from n/a through 5.3.5. The Bus Ticket Booking with Seat Reservation plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authe... • https://patchstack.com/database/vulnerability/bus-ticket-booking-with-seat-reservation/wordpress-bus-ticket-booking-with-seat-reservation-plugin-5-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-38737 – WordPress ReDi Restaurant Reservation plugin <= 24.0422 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-38737
11 Jul 2024 — Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects ReDi Restaurant Reservation: from n/a through 24.0422. The ReDi Restaurant Reservation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the redi_restaurant_admin_menu_link_new() function in versions up to, and including, 24.0422. This makes it possible for unauthenticated attackers t... • https://patchstack.com/database/vulnerability/redi-restaurant-reservation/wordpress-redi-restaurant-reservation-plugin-24-0422-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2024-31385 – WordPress ReDi Restaurant Reservation plugin <= 24.0128 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31385
10 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation. This issue affects ReDi Restaurant Reservation: from n/a through 24.0128. The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 24.0128. This is due to miss... • https://patchstack.com/database/vulnerability/redi-restaurant-reservation/wordpress-redi-restaurant-reservation-plugin-24-0128-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-31299 – WordPress ReDi Restaurant Reservation plugin <= 24.0128 - Cross Site Request Forgery (CSRF) to XSS vulnerability
https://notcve.org/view.php?id=CVE-2024-31299
05 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation allows Cross-Site Scripting (XSS). This issue affects ReDi Restaurant Reservation: from n/a through 24.0128. The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 24.0128. This is due to missing or incorrect nonce validation on the redi_restaurant_admin_options_page() function. This makes it possible for unauthenticated attackers to modi... • https://patchstack.com/database/vulnerability/redi-restaurant-reservation/wordpress-redi-restaurant-reservation-plugin-24-0128-cross-site-request-forgery-csrf-to-xss-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2024-29806 – WordPress ReDi Restaurant Reservation plugin <= 24.0128 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29806
25 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reservation Diary ReDi Restaurant Reservation allows Reflected XSS. This issue affects ReDi Restaurant Reservation: from n/a through 24.0128. • https://patchstack.com/database/vulnerability/redi-restaurant-reservation/wordpress-redi-restaurant-reservation-plugin-24-0128-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-0782 – CodeAstro Online Railway Reservation System pass-profile.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-0782
22 Jan 2024 — A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file pass-profile.php. The manipulation of the argument First Name/Last Name/User Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/drive/folders/1ecVTReqCS_G8svyq3MG79E2y59psMcPn?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-43458
https://notcve.org/view.php?id=CVE-2023-43458
25 Sep 2023 — Cross Site Scripting (XSS) vulnerability in Resort Reservation System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the room, name, and description parameters in the manage_room function. • https://samh4cks.github.io/posts/cve-2023-43458 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-4193 – SourceCodester Resort Reservation System view_fee.php sql injection
https://notcve.org/view.php?id=CVE-2023-4193
07 Aug 2023 — A vulnerability has been found in SourceCodester Resort Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_fee.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Yesec/Resort-Reservation-System/blob/main/SQL%20Injection%20in%20view_fee.php/vuln.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-4192 – SourceCodester Resort Reservation System manage_user.php sql injection
https://notcve.org/view.php?id=CVE-2023-4192
06 Aug 2023 — A vulnerability, which was classified as critical, was found in SourceCodester Resort Reservation System 1.0. This affects an unknown part of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Yesec/Resort-Reservation-System/blob/main/SQL%20Injection%20in%20manage_user.php/vuln.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •