CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4191 – SourceCodester Resort Reservation System index.php file inclusion
https://notcve.org/view.php?id=CVE-2023-4191
06 Aug 2023 — A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Yesec/Resort-Reservation-System/blob/main/local%20file%20inclusion/vuln.md • CWE-73: External Control of File Name or Path •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24397 – WordPress Reservation.Studio widget Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-24397
04 Jul 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en el plugin Reservation.Studio widget de Reservation.Studio que afecta a las versiones 1.0.11 e inferiores. Para explotar esta vulnerabilidad hace falta estar autenticado y tener permisos de administrador o superior. The Reservation.Studio widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ... • https://patchstack.com/database/vulnerability/reservation-studio-widget/wordpress-reservation-studio-widget-plugin-1-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36510 – WordPress ReDi Restaurant Reservation plugin <= 23.0211 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-36510
22 Jun 2023 — Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReDi Restaurant Reservation: from n/a through 23.0211. The ReDi Restaurant Reservation plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the redi_restaurant_ajax() function in versions up to, and including, 23.0211. This makes it possible for unauthenticated attacke... • https://patchstack.com/database/wordpress/plugin/redi-restaurant-reservation/vulnerability/wordpress-redi-restaurant-reservation-plugin-23-0211-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3309 – SourceCodester Resort Reservation System Manage Room Page ?page=rooms cross site scripting
https://notcve.org/view.php?id=CVE-2023-3309
18 Jun 2023 — A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file ?page=rooms of the component Manage Room Page. The manipulation of the argument Cottage Number leads to cross site scripting. The attack can be launched remotely. • https://kr1shna4garwal.github.io/posts/cve-poc-2023/#cve-2023-3309 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2824 – SourceCodester Dental Clinic Appointment Reservation System POST Parameter service.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-2824
20 May 2023 — A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/service.php of the component POST Parameter Handler. The manipulation of the argument service leads to cross site scripting. The attack may be launched remotely. • https://github.com/daxian2022/CVE/blob/main/XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2364 – SourceCodester Resort Reservation System registration.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-2364
28 Apr 2023 — A vulnerability, which was classified as problematic, was found in SourceCodester Resort Reservation System 1.0. Affected is an unknown function of the file registration.php. The manipulation of the argument fullname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Resort_Reservation_System-Stored-Cross-Site-Scripting-1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2363 – SourceCodester Resort Reservation System view_room.php sql injection
https://notcve.org/view.php?id=CVE-2023-2363
28 Apr 2023 — A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. This issue affects some unknown processing of the file view_room.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Resort_Reservation_System-SQL-Injection-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1100 – SourceCodester Online Catering Reservation System POST Parameter add_message.php sql injection
https://notcve.org/view.php?id=CVE-2023-1100
28 Feb 2023 — A vulnerability classified as critical has been found in SourceCodester Online Catering Reservation System 1.0. This affects an unknown part of the file /reservation/add_message.php of the component POST Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jackswordsz/bug_report/blob/main/vendors/emoblazz/Online%20Catering%20Reservation%20System/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1037 – SourceCodester Dental Clinic Appointment Reservation System POST Parameter login.php sql injection
https://notcve.org/view.php?id=CVE-2023-1037
26 Feb 2023 — A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /APR/login.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. • https://github.com/nightcloudos/bug_report/blob/main/vendors/jkev/Dental%20Clinic%20Appointment%20Reservation%20System/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1036 – SourceCodester Dental Clinic Appointment Reservation System POST Parameter signup.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-1036
26 Feb 2023 — A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /APR/signup.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to cross site scripting. The attack can be initiated remotely. • https://github.com/nightcloudos/bug_report/blob/main/vendors/jkev/Dental%20Clinic%20Appointment%20Reservation%20System/XSS-1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •