4 vulnerabilities found for VikRentCar Car Rental Management System by Unknown
CVE-2024-1845 (GCVE-0-2024-1845)
Vulnerability from nvd – Published: 2024-07-11 06:00 – Updated: 2024-08-01 18:56
Title
VikRentCar Car Rental Management System < 1.3.2 - Cross Site Request Forgery
Summary
The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.
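Severity
8.0 (HIGH), CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H (CVSS v3.1, taken from the CISA-ADP container of the record below)
Assigner
WPScan
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/a8d7b564-36e0-4f05-9b49-1b441f453d0a/ | exploit, vdb-entry, technical-description |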
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | VikRentCar Car Rental Management System | Affected: 0, < 1.3.2 (semver) |
Credits
Srikar V
WPScan
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:e4j:vikrentcar_car_rental_management_system:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "vikrentcar_car_rental_management_system",
"vendor": "e4j",
"versions": [
{
"lessThan": "1.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-1845",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T15:38:47.675984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T17:22:15.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/a8d7b564-36e0-4f05-9b49-1b441f453d0a/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VikRentCar Car Rental Management System",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Srikar V"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T06:00:02.403Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/a8d7b564-36e0-4f05-9b49-1b441f453d0a/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "VikRentCar Car Rental Management System \u003c 1.3.2 - Cross Site Request Forgery",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-1845",
"datePublished": "2024-07-11T06:00:02.403Z",
"dateReserved": "2024-02-23T15:48:11.778Z",
"dateUpdated": "2024-08-01T18:56:22.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24519 (GCVE-0-2021-24519)
Vulnerability from nvd – Published: 2021-08-16 10:48 – Updated: 2024-08-03 19:35
Title
Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
Summary
The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high-privilege users such as admin to use an XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
WPScan
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c | x_refsource_MISC |
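Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | VikRentCar Car Rental Management System | Affected: 1.1.10, < 1.1.10 (custom). The record gives 1.1.10 as both the version and the lessThan bound; per the summary, versions before 1.1.10 are affected. |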
Credits
Muhammad Daffa
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VikRentCar Car Rental Management System",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.1.10",
"status": "affected",
"version": "1.1.10",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Muhammad Daffa"
}
],
"descriptions": [
{
"lang": "en",
"value": "The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the \u0027Text Next to Icon\u0027 field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-16T10:48:25",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vik Rent Car \u003c 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24519",
"STATE": "PUBLIC",
"TITLE": "Vik Rent Car \u003c 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VikRentCar Car Rental Management System",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.1.10",
"version_value": "1.1.10"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Muhammad Daffa"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the \u0027Text Next to Icon\u0027 field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24519",
"datePublished": "2021-08-16T10:48:25",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:20.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1845 (GCVE-0-2024-1845)
Vulnerability from cvelistv5 – Published: 2024-07-11 06:00 – Updated: 2024-08-01 18:56
Title
VikRentCar Car Rental Management System < 1.3.2 - Cross Site Request Forgery
Summary
The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.
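Severity
8.0 (HIGH), CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H (CVSS v3.1, taken from the CISA-ADP container of the record below)
Assigner
WPScan
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/a8d7b564-36e0-4f05-9b49-1b441f453d0a/ | exploit, vdb-entry, technical-description |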
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | VikRentCar Car Rental Management System | Affected: 0, < 1.3.2 (semver) |
Credits
Srikar V
WPScan
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:e4j:vikrentcar_car_rental_management_system:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unaffected",
"product": "vikrentcar_car_rental_management_system",
"vendor": "e4j",
"versions": [
{
"lessThan": "1.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-1845",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T15:38:47.675984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T17:22:15.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:56:22.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/a8d7b564-36e0-4f05-9b49-1b441f453d0a/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VikRentCar Car Rental Management System",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Srikar V"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T06:00:02.403Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/a8d7b564-36e0-4f05-9b49-1b441f453d0a/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "VikRentCar Car Rental Management System \u003c 1.3.2 - Cross Site Request Forgery",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-1845",
"datePublished": "2024-07-11T06:00:02.403Z",
"dateReserved": "2024-02-23T15:48:11.778Z",
"dateUpdated": "2024-08-01T18:56:22.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24519 (GCVE-0-2021-24519)
Vulnerability from cvelistv5 – Published: 2021-08-16 10:48 – Updated: 2024-08-03 19:35
Title
Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
Summary
The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high-privilege users such as admin to use an XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue.
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
WPScan
References
| URL | Tags |
|---|---|
| https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c | x_refsource_MISC |
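Impacted products
| Vendor | Product | Version |
|---|---|---|
| Unknown | VikRentCar Car Rental Management System | Affected: 1.1.10, < 1.1.10 (custom). The record gives 1.1.10 as both the version and the lessThan bound; per the summary, versions before 1.1.10 are affected. |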
Credits
Muhammad Daffa
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.093Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "VikRentCar Car Rental Management System",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.1.10",
"status": "affected",
"version": "1.1.10",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Muhammad Daffa"
}
],
"descriptions": [
{
"lang": "en",
"value": "The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the \u0027Text Next to Icon\u0027 field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-16T10:48:25",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Vik Rent Car \u003c 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24519",
"STATE": "PUBLIC",
"TITLE": "Vik Rent Car \u003c 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VikRentCar Car Rental Management System",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.1.10",
"version_value": "1.1.10"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Muhammad Daffa"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the \u0027Text Next to Icon\u0027 field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24519",
"datePublished": "2021-08-16T10:48:25",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:20.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}