2 results (0.002 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0. Affected is an unknown function of the file /view-booking-detail.php of the component Account Detail Handler. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. VDB-240942 is the identifier assigned to this vulnerability. • https://vuldb.com/?ctiid.240942 https://vuldb.com/?id.240942 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. Una vulnerabilidad de tipo Cross-Site Request Forgery (CSRF) en Online Banquet Booking System versión v1.0, permite a atacantes cambiar las credenciales de administrador por medio de una petición POST diseñada • https://packetstormsecurity.com/files/166587/Online-Banquet-Booking-System-1.0-Cross-Site-Request-Forgery.html • CWE-352: Cross-Site Request Forgery (CSRF) •