Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-39473 PoC — Saibamen HotelManager 跨站脚本漏洞

Source
https://github.com/BrunoTeixeira1996/CVE-2021-39473
Associated Vulnerability
Title:Saibamen HotelManager 跨站脚本漏洞 (CVE-2021-39473)
Description:Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization of comment and contact fields.
Readme
# CVE-2021-39473

## Affected Product Code Base
HotelManager - v1.2

## Affected Component
Kernel.php; Middleware

## Attack Type
Remote

## Attack Vectors
To exploit this vulnerability the user needs to create "rooms" or "guests" or "reservations" or "users" and in the "comment" or "contact" field can execute a xss payload without even doing any bypass.

This is a stored XSS since I was able to store payloads on endpoints (rooms, guests, ...) and trigger them using different accounts.

## Link to the issue
https://github.com/Saibamen/HotelManager/issues/49
https://github.com/Saibamen/HotelManager/issues/49
File Snapshot

 [4.0K]  /data/pocs/d2e633da71a49af332b20f3727542b14a16fa141
└── [ 615]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →