Vulnerability Details CVE-2020-25444
Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the (1) "About Yourself” section under the “My Profile” page, " (2) “Hotel Policy” field under the “Hotel Details” page, (3) “Pricing code” and “name” fields under the “Manage Tour” page, and (4) all the labels under the “Menu” section.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 43.8%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2020-25444
-
cpe:2.3:a:bookingcore:booking_core:1.7.0