GCVE - cpe:2.3:a:kashipara:hotel_management:1.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:kashipara:hotel_management:1.0:*:*:*:*:*:*:*

part: a version: 1.0 update: *

Vendor	Kashipara (`6b7db86c-2a94-5a2d-adbe-6158c7191f84`)
Product	Hotel Management (`21366620-1c28-5fd9-9376-88372b3b3d61`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-42770`	vulnerable	2026-06-03 14:56:42.972427	Details available A Stored Cross Site Scripting (XSS) vulnerability was found in "/core/signup_user.php" of Kashipara Hotel Management System v1.0, which allows remote attackers to execute arbitrary code via the "user_email" parameter. Published: 2024-08-22T00:00:00.000Z Updated: 2024-08-22T15:58:44.840Z Open on db.gcve.eu Reference links https://www.kashipara.com/ https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/Stored%20XSS%20-%20Sign%20UP.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-42768`	vulnerable	2026-06-03 14:56:42.971490	Details available A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Hotel Management System v1.0 via /admin/delete_room.php. Published: 2024-08-22T00:00:00.000Z Updated: 2024-08-22T18:11:08.849Z Open on db.gcve.eu Reference links https://cwe.mitre.org/data/definitions/352.html https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Hotel%20Management%20System%20v1.0/CSRF.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-49272`	vulnerable	2026-06-03 14:53:20.583207	Hotel Management v1.0 - Multiple Reflected Cross-Site Scripting (XSS) MEDIUM (5.4) Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'children' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. Published: 2023-12-20T19:25:08.511Z Updated: 2025-05-19T14:47:29.612Z Open on db.gcve.eu Reference links https://fluidattacks.com/advisories/lang/ https://www.kashipara.com/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-49271`	vulnerable	2026-06-03 14:53:20.582871	Hotel Management v1.0 - Multiple Reflected Cross-Site Scripting (XSS) MEDIUM (5.4) Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. Published: 2023-12-20T19:24:15.907Z Updated: 2025-05-19T14:47:07.566Z Open on db.gcve.eu Reference links https://fluidattacks.com/advisories/lang/ https://www.kashipara.com/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-49270`	vulnerable	2026-06-03 14:53:20.582363	Hotel Management v1.0 - Multiple Reflected Cross-Site Scripting (XSS) MEDIUM (5.4) Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response. Published: 2023-12-20T19:21:34.658Z Updated: 2025-05-19T14:46:41.685Z Open on db.gcve.eu Reference links https://fluidattacks.com/advisories/lang/ https://www.kashipara.com/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.