{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-5304","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2023-09-29T16:25:02.975Z","datePublished":"2023-09-30T14:00:08.799Z","dateUpdated":"2024-08-02T07:52:08.629Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2023-10-25T05:03:03.716Z"},"title":"Online Banquet Booking System Service Booking book-services.php cross site scripting","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"CWE-79 Cross Site Scripting"}]}],"affected":[{"vendor":"n/a","product":"Online Banquet Booking System","versions":[{"version":"1.0","status":"affected"}],"modules":["Service Booking"]}],"descriptions":[{"lang":"en","value":"A vulnerability has been found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /book-services.php of the component Service Booking. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-240943."},{"lang":"de","value":"In Online Banquet Booking System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /book-services.php der Komponente Service Booking. Durch Beeinflussen des Arguments message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":3.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":3.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N"}}],"timeline":[{"time":"2023-09-29T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2023-09-29T00:00:00.000Z","lang":"en","value":"CVE reserved"},{"time":"2023-09-29T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2023-10-22T16:49:32.000Z","lang":"en","value":"VulDB entry last update"}],"references":[{"url":"https://vuldb.com/?id.240943","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.240943","tags":["signature"]}]},"adp":[{"affected":[{"vendor":"anujk305","product":"online_banquet_booking_system","cpes":["cpe:2.3:a:anujk305:online_banquet_booking_system:1.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"1.0","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-06-05T20:08:13.575862Z","id":"CVE-2023-5304","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-05T20:10:57.535Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T07:52:08.629Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.240943","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.240943","tags":["signature","x_transferred"]}]}]}}