Skip to content
This repository was archived by the owner on Jul 5, 2023. It is now read-only.
This repository was archived by the owner on Jul 5, 2023. It is now read-only.

HotelManager v1.2 is vulnerable to Cross Site Scripting (Stored XSS). #49

Open
Open
HotelManager v1.2 is vulnerable to Cross Site Scripting (Stored XSS).#49
@BrunoTeixeira1996

Description

@BrunoTeixeira1996
BrunoTeixeira1996
opened on Nov 4, 2022

Affected Product Code Base

HotelManager - v1.2

Affected Component

Kernel.php; Middleware

Attack Type

Remote

Attack Vectors

To exploit this vulnerability the user needs to create "rooms" or "guests" or "reservations" or "users" and in the "comment" or "contact" field can execute a xss payload without even doing any bypass.

This is a stored XSS since I was able to store payloads on endpoints (rooms, guests, ...) and trigger them using different accounts.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions