Tourismscripts Hotel Portal 'hotel_city' Parameter HTML Injection Vulnerability Network Vulnerability

Summary

Hotel Portal is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie- based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.

References

http://www.securityfocus.com/bid/49297
http://www.tourismscripts.com

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache mod_proxy_ajp Information Disclosure Vulnerability
Apache Tiles Multiple XSS Vulnerability
Apache Tomcat Directory Listing and File disclosure
Apache CouchDB Cross Site Request Forgery Vulnerability
@Mail 'MailType' Parameter Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities