CVE-2024-0504: code-projects Simple Online Hotel Reservation System Make a Reservation Page add_reserve.php cross site scripting
Description
A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file add_reserve.php of the component Make a Reservation Page. The manipulation of the argument Firstname/Lastname with the input alert(1) leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250618 is the identifier assigned to this vulnerability. In code-projects Simple Online Hotel Reservation System 1.0 wurde eine problematische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei add_reserve.php der Komponente Make a Reservation Page. Mittels dem Manipulieren des Arguments Firstname/Lastname mit der Eingabe alert(1) mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
Classification
CVE ID: CVE-2024-0504
CVSS Base Severity: LOW
CVSS Base Score: 3.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Problem Types
CWE-79 Cross Site ScriptingAffected Products
Vendor: code-projects
Product: Simple Online Hotel Reservation System
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.06% (probability of being exploited)
EPSS Percentile: 18.71% (scored less or equal to compared to others)
EPSS Date: 2025-06-05 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: poc
SSVC Technical Impact: partial
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2024-0504https://vuldb.com/?id.250618
https://vuldb.com/?ctiid.250618
https://drive.google.com/file/d/1BIa4jfZ9FbW9d7O3tRdAKF3tb6b5NUB6/view?usp=sharing