CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-5185 – Summer Pearl Group Vacation Rental Management Platform cross-site request forgery
https://notcve.org/view.php?id=CVE-2025-5185
26 May 2025 — A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. • https://summerpearlgroup.gr/spgpm/releases • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-5184 – Summer Pearl Group Vacation Rental Management Platform HTTP Response Header information disclosure
https://notcve.org/view.php?id=CVE-2025-5184
26 May 2025 — A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. It has been classified as problematic. Affected is an unknown function of the component HTTP Response Header Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. • https://summerpearlgroup.gr/spgpm/releases • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 0CVE-2025-5183 – Summer Pearl Group Vacation Rental Management Platform Header redirect
https://notcve.org/view.php?id=CVE-2025-5183
26 May 2025 — A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1 and classified as problematic. This issue affects some unknown processing of the component Header Handler. The manipulation of the argument Host leads to open redirect. The attack may be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. • https://summerpearlgroup.gr/spgpm/releases • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-5182 – Summer Pearl Group Vacation Rental Management Platform Listing authorization
https://notcve.org/view.php?id=CVE-2025-5182
26 May 2025 — A vulnerability has been found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1 and classified as critical. This vulnerability affects unknown code of the component Listing Handler. The manipulation leads to authorization bypass. The attack can be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. • https://github.com/Stolichnayer/Summer-Pearl-Group-IDOR-XSS • CWE-285: Improper Authorization CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 1CVE-2025-5181 – Summer Pearl Group Vacation Rental Management Platform updateListing cross site scripting
https://notcve.org/view.php?id=CVE-2025-5181
26 May 2025 — A vulnerability, which was classified as problematic, was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. This affects an unknown part of the file /spgpm/updateListing. The manipulation of the argument spgLsTitle leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Stolichnayer/Summer-Pearl-Group-IDOR-XSS • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •