Skip to main content

Car Rental Management System CVE-2021-24519

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2021-08-16 contact@wpscan.com
4.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 16, 2021 - 11:15 nvd
MEDIUM 4.8

DescriptionNVD

The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue

AnalysisAI

The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue Affected products include: Vikwp Car Rental Management System. Version information: before 1.1.10.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2022-32019 CRITICAL POC
9.8 Jun 02

Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.

CVE-2022-32020 CRITICAL POC
9.8 Jun 02

Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via ip/car-rental-management-system/admin/aj

CVE-2020-29227 CRITICAL POC
9.8 Dec 14

An issue was discovered in Car Rental Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is r

CVE-2020-29287 CRITICAL POC
9.8 Dec 02

An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter

CVE-2020-27956 CRITICAL POC
9.8 Oct 28

An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the use

CVE-2022-32028 HIGH POC
7.2 Jun 02

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php

CVE-2022-32027 HIGH POC
7.2 Jun 02

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/index.php?page=

CVE-2022-32026 HIGH POC
7.2 Jun 02

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_booking.

CVE-2022-32025 HIGH POC
7.2 Jun 02

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/view_car.php?id

CVE-2022-32024 HIGH POC
7.2 Jun 02

Car Rental Management System v1.0 is vulnerable to SQL Injection via car-rental-management-system/booking.php?car_id=. R

CVE-2022-32022 HIGH POC
7.2 Jun 02

Car Rental Management System v1.0 is vulnerable to SQL Injection via /ip/car-rental-management-system/admin/ajax.php?act

CVE-2022-32021 HIGH POC
7.2 Jun 02

Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_movement

Share

CVE-2021-24519 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy