CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5305 – Online Banquet Booking System Contact Us Page mail.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-5305
A vulnerability was found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /mail.php of the component Contact Us Page. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-240944. • https://vuldb.com/?ctiid.240944 https://vuldb.com/?id.240944 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5304 – Online Banquet Booking System Service Booking book-services.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-5304
A vulnerability has been found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /book-services.php of the component Service Booking. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-240943. • https://vuldb.com/?ctiid.240943 https://vuldb.com/?id.240943 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5303 – Online Banquet Booking System Account Detail view-booking-detail.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-5303
A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0. Affected is an unknown function of the file /view-booking-detail.php of the component Account Detail Handler. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. VDB-240942 is the identifier assigned to this vulnerability. • https://vuldb.com/?ctiid.240942 https://vuldb.com/?id.240942 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28992
https://notcve.org/view.php?id=CVE-2022-28992
A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en Online Banquet Booking System versión v1.0, permite a atacantes cambiar las credenciales de administrador por medio de una petición POST diseñada • https://packetstormsecurity.com/files/166587/Online-Banquet-Booking-System-1.0-Cross-Site-Request-Forgery.html • CWE-352: Cross-Site Request Forgery (CSRF) •