Home Tools Exploits & CVE's Shuttle Booking Software 2.0 Cross Site Scripting

Shuttle Booking Software 2.0 Cross Site Scripting

November 25, 2023

166

Shuttle Booking Software version 2.0 suffers from multiple persistent cross site scripting vulnerabilities.

advisories | CVE-2023-48172

# Exploit Title: Shuttle Booking Software v2.0 - Multiple Stored Cross-Site
Scripting (Authenticated)
# Date: 09/11/2023
# Exploit Author: BugsBD Security Researcher (Rahad Chowdhury)
# Vendor Homepage: https://www.phpjabbers.com/shuttle-booking-software/
# Software Link: https://www.phpjabbers.com/shuttle-booking-software/
# Version: v2.0
# Tested on: Windows 10, Kali Linux
# CVE: CVE-2023-48172

Descriptions:
Cross Site Scripting vulnerability in Shuttle Booking Software v.2.0 allows
a remote attacker to execute arbitrary code via the name, description,
title and address parameters in the index.php page.


Steps to Reproduce:
1. At first login your panel.
2. Then use any XSS Payload in "name, description, title and address"
parameters in Location, Lines and Users menus.
3. You will see XSS pop up.

## Reproduce:
[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48172)

Shuttle Booking Software 2.0 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

Chyrp 2.5.2 Cross Site Scripting

Apache mod_proxy_cluster Cross Site Scripting

Backdoor.Win32.AsyncRat MVID-2024-0683 Code Execution

POPULAR POSTS

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

POPULAR CATEGORY

Git LFS Clone Command Execution

Online Library Management System 3 Password Reset

Simple Task List 1.0 SQL Injection