CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-29283
https://notcve.org/view.php?id=CVE-2020-29283
An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php. Se detectó una vulnerabilidad de inyección SQL en Online Doctor Appointment Booking System PHP por medio del parámetro q en el archivo getuser.php • https://github.com/BigTiger2020/Online-Doctor-Appointment-Booking-System-PHP/blob/main/README.md https://projectworlds.in/free-projects/php-projects/online-doctor-appointment-booking-system-php-and-mysql • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25273
https://notcve.org/view.php?id=CVE-2020-25273
In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection. En SourceCodester Online Bus Booking System versión 1.0, existe una omisión de autenticación en la pantalla Admin Login en el archivo admin.php mediante la inyección SQL del nombre de usuario o contraseña • https://github.com/Ko-kn3t/CVE-2020-25273 https://www.sourcecodester.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25272
https://notcve.org/view.php?id=CVE-2020-25272
In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now.php. En SourceCodester Online Bus Booking System versión 1.0, se presenta un vulnerabilidad de tipo XSS por medio del parámetro name en el archivo book_now.php • https://github.com/Ko-kn3t/CVE-2020-25272 https://www.sourcecodester.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23984
https://notcve.org/view.php?id=CVE-2020-23984
Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags. Online Hotel Booking System Pro PHP versión 1.3, presenta una vulnerabilidad de tipo Cross-site Scripting Persistente en todas las etiquetas del formulario de registro del Cliente • https://packetstormsecurity.com/files/157117/Online-Hotel-Booking-System-Pro-1.3-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15536 – Online Hotel Booking System Pro <= 1.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-15536
An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields. Se detectó un problema en el plugin Bestsoftinc Hotel Booking System Pro versiones hasta 1.1 para WordPress. Un ataque de tipo XSS persistente puede producirse por medio de cualquiera de los campos de registro • https://packetstormsecurity.com/files/157116/WordPress-Hotel-Booking-System-Pro-1.1-Cross-Site-Scripting.html https://wpvulndb.com/vulnerabilities/10171 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •