
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

A vulnerability, which was classified as problematic, was found in CodeAstro Vehicle Booking System 1.0. This affects an unknown part of the file usr/usr-register.php of the component User Registration. The manipulation of the argument Full_Name/Last_Name/Address with the input <script>alert(document.cookie)</script> leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1ihxLw4kzbAbDhHtca3UnTaB-iMWHi5DJ/view?usp=sharing • https://vuldb.com/?ctiid.250113 • https://vuldb.com/?id.250113 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

The WP Booking System plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpbs_save_calendar_data function in versions up to, and including, 2.0.19.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to save calendar data. • CWE-862: Missing Authorization

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

Improper Privilege Management vulnerability in Salon Booking System Salon booking system allows Privilege Escalation. This issue affects Salon booking system: from n/a through 8.6. The Salon booking system plugin for WordPress is vulnerable to privilege escalation in all versions up to, but excluding, 8.7. • https://patchstack.com/database/vulnerability/salon-booking-system/wordpress-salon-booking-system-plugin-8-7-editor-privilege-escalation-vulnerability?_s_id=cve • CWE-269: Improper Privilege Management

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'category' parameter of the category.php resource does not validate the characters received and they are sent unfiltered to the database. • https://fluidattacks.com/advisories/oconnor • https://projectworlds.in • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database. • https://fluidattacks.com/advisories/oconnor • https://projectworlds.in • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')