CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0CVE-2024-42761
https://notcve.org/view.php?id=CVE-2024-42761
A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin_schedule.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via scheduleDurationPHP parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Bus%20Ticket%20Reservation%20System%20v1.0/Stored%20XSS%20-%20Bus%20Schedule%20List.pdf https://www.kashipara.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: -EXPL: 0CVE-2024-42762
https://notcve.org/view.php?id=CVE-2024-42762
A Stored Cross Site Scripting (XSS) vulnerability was found in "/history.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via the Name, Phone, and Email parameter fields. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Bus%20Ticket%20Reservation%20System%20v1.0/Stored%20XSS%20-%20Customer%20Booking%20List.pdf https://www.kashipara.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0CVE-2024-42599
https://notcve.org/view.php?id=CVE-2024-42599
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges. • https://gitee.com/fushuling/cve/blob/master/CVE-2024-42599.md https://gitee.com/fushuling/cve/blob/master/SeaCMS%20V13%20admin_files.php%20code%20injection.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: -EXPL: 0CVE-2024-42767
https://notcve.org/view.php?id=CVE-2024-42767
Kashipara Hotel Management System v1.0 is vulnerable to Unrestricted File Upload RCE via /admin/add_room_controller.php. • https://cwe.mitre.org/data/definitions/434.html https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Unrestricted%20File%20Upload.pdf • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.7EPSS: 0%CPEs: -EXPL: 0CVE-2024-42770
https://notcve.org/view.php?id=CVE-2024-42770
A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_email" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Stored%20XSS%20-%20Sign%20UP.pdf https://www.kashipara.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •