CVE-2021-39473
MEDIUM
Saibamen HotelManager v1.2 - Stored Cross-Site Scripting via Comment and Contact Fields
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-39473. PoCs published by BrunoTeixeira1996.
AI-analyzed exploit summary: This repository provides a technical description of a stored XSS vulnerability in HotelManager v1.2, where malicious payloads can be injected via comment or contact fields in various endpoints (rooms, guests, reservations, users). The vulnerability is confirmed via GitHub issue links and requires user interaction to trigger.
Description
Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization of comment and contact fields.
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N