Headline
CVE-2022-48091: tramyardg-hotel-mgmt-system of version2022.4 has a Cross Site Script(XSS) vulnerability · Issue #22 · tramyardg/hotel-mgmt-system
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting (XSS) via process_update_profile.php.
List of Vulnerable path
Vulnerable path /app/process_update_profile.php
Lines 32-37 of the “process_update_profile.php” file,there is no filtering,so cause Cross Site Script.
In fact,the filter was forgot.Another file has a filter . Its path /app/process_registration.php
The data is safe when user register,but it is unsafe after update.
Vulnerability exploitation process:
register a new account.
login the user and click "update profile".
input poc and submit.
The administrator will trigger it.
POC code:
<script>alert('youyou_pm10’+document.cookie);</script>