CVE-2020-25444

Published: Jul 14, 2021Modified: Jun 17, 2026

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the (1) "About Yourself” section under the “My Profile” page, " (2) “Hotel Policy” field under the “Hotel Details” page, (3) “Pricing code” and “name” fields under the “Manage Tour” page, and (4) all the labels under the “Menu” section.

Affected (1)

Products: Bookingcore: Booking Core

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bookingcore Booking Core	Version 1.7.0

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://medium.com/%40singh.satyam158/vulnerabilities-in-booking-core-1-7-d85d1dfae44e

Source: cve@mitre.org

https://medium.com/%40singh.satyam158/vulnerabilities-in-booking-core-1-7-d85d1dfae44e

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.