Vulnerabilities > CVE-2022-1408 - Unspecified vulnerability in Vikwp Hotel Booking Engine & PMS

CVSS 4.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

vikwp

NVD

Published: 2022-05-16

Updated: 2024-11-21

Summary

The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not escape various settings before outputting them in attributes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

Vulnerable Configurations

Part	Description	Count
Application	Vikwp Vikwp Hotel Booking Engine & PMS *	1

References

https://wpscan.com/vulnerability/48dccf4c-07e0-4877-867d-f8f43aeb5705
https://wpscan.com/vulnerability/48dccf4c-07e0-4877-867d-f8f43aeb5705