CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote code execution can be achieved by entering malicious code in the date selection box.

**itsourcecode\_justines\_xss\_vul****Some information**

CVE ID: CVE-2023-34486

Vendor of Product: https://itsourcecode.com/

Affected Product: justines(https://itsourcecode.com/free-projects/php-project/hotel-management-system-project-php/) - v1.0.0

Vulnerability type: xss

Attack Type: Remote

Description: itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote code execution can be achieved by entering malicious code in the date selection box.

Position: "body"

ParamKey: "to"

payload: "<script>alert(document.cookie)</script>"

**Process description**

Enter payload in the date selection box.

The code executes successfully, displaying the user's cookie.

Packet capture data.

Headline

CVE-2023-34486: GitHub - JunyanYip/itsourcecode_justines_xss_vul

CVE: Latest News