CVE-2023-5303 — Cross-site Scripting in Online Banquet Booking System

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

CNA3.5

EPSS

0.1%

top 81.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Online Banquet Booking System

Timeline

PublishedSep 30

Description

A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0. Affected is an unknown function of the file /view-booking-detail.php of the component Account Detail Handler. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. VDB-240942 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5phpgurukul/online_banquet_booking_system1.0

▶NVDphpgurukul/online_banquet_booking_system1.0

🔴Vulnerability Details

CVEList

Online Banquet Booking System Account Detail view-booking-detail.php cross site scripting↗2023-09-30

▶

GHSA

GHSA-mjhr-4prj-rp28: A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1↗2023-09-30

▶