CVE-2019-12345 β€” Cross-site Scripting in Hostel

CWE-79 β€” Cross-site Scripting5 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.5%
top 35.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Kibokolabs Hostel
Timeline
PublishedMay 27
Latest updateMay 24

Description

XSS exists in the Kiboko Hostel plugin before 1.1.4 for WordPress.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

β–ΆNVDkibokolabs/hostel< 1.1.4

πŸ”΄Vulnerability Details

2
GHSA
GHSA-cgrx-qg4h-wfh8: XSS exists in the Kiboko Hostel plugin before 1β†—2022-05-24
β–Ά
CVEList
CVE-2019-12345: XSS exists in the Kiboko Hostel plugin before 1β†—2019-05-27
β–Ά

πŸ’₯Exploits & PoCs

1
Exploit-DB
iScripts ReserveLogic - SQL Injection↗2019-04-03
β–Ά

πŸ’¬Community

1
HackerOne
LFI with potential to RCE on β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ using CVE-2019-3396β†—2019-10-04
β–Ά
CVE-2019-12345 β€” Cross-site Scripting in Hostel | cvebase