Vulnerabilities > Bookingcore

DATE CVE VULNERABILITY TITLE RISK
2021-10-04 CVE-2021-37330 Cross-site Scripting vulnerability in Bookingcore Booking Core 2.0
Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS).
3.5
2021-10-04 CVE-2021-37331 Authorization Bypass Through User-Controlled Key vulnerability in Bookingcore Booking Core 2.0
Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control.
network
low complexity
bookingcore CWE-639
5.0
2021-10-04 CVE-2021-37333 Insufficient Session Expiration vulnerability in Bookingcore Booking Core 2.0
Laravel Booking System Booking Core 2.0 is vulnerable to Session Management.
network
low complexity
bookingcore CWE-613
7.5
2021-07-14 CVE-2020-25444 Cross-site Scripting vulnerability in Bookingcore Booking Core 1.7.0
Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the (1) "About Yourself” section under the “My Profile” page, " (2) “Hotel Policy” field under the “Hotel Details” page, (3) “Pricing code” and “name” fields under the “Manage Tour” page, and (4) all the labels under the “Menu” section.
network
low complexity
bookingcore CWE-79
5.4
2021-07-14 CVE-2020-25445 Improper Neutralization of Formula Elements in a CSV File vulnerability in Bookingcore Booking Core 1.7.0
The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection.
local
low complexity
bookingcore CWE-1236
7.8
2021-07-14 CVE-2020-27379 Cross-Site Request Forgery (CSRF) vulnerability in Bookingcore Booking Core 1.7.0
Cross Site Request Forgery (CSRF) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 .
network
low complexity
bookingcore CWE-352
6.5