To exploit this vulnerability the user needs to create "rooms" or "guests" or "reservations" or "users" and in the "comment" or "contact" field can execute a xss payload without even doing any bypass.
This is a stored XSS since I was able to store payloads on endpoints (rooms, guests, ...) and trigger them using different accounts.
The text was updated successfully, but these errors were encountered:
BrunoTeixeira1996
changed the title
Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS).
HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS).
Nov 4, 2022
BrunoTeixeira1996
changed the title
HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS).
HotelManager v1.2 is vulnerable to Cross Site Scripting (Stored XSS).
Nov 5, 2022
Affected Product Code Base
HotelManager - v1.2
Affected Component
Kernel.php; Middleware
Attack Type
Remote
Attack Vectors
To exploit this vulnerability the user needs to create "rooms" or "guests" or "reservations" or "users" and in the "comment" or "contact" field can execute a xss payload without even doing any bypass.
This is a stored XSS since I was able to store payloads on endpoints (rooms, guests, ...) and trigger them using different accounts.
The text was updated successfully, but these errors were encountered: