Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities by cgpandey

    CVE-2025-7800 (GCVE-0-2025-7800)

    Vulnerability from nvd – Published: 2025-07-18 18:32 – Updated: 2025-07-18 18:42
    VLAI
    Title
    cgpandey hotelmis HTTP GET Request admin.php cross site scripting
    Summary
    A vulnerability classified as problematic was found in cgpandey hotelmis up to c572198e6c4780fccc63b1d3e8f3f72f825fc94e. This vulnerability affects unknown code of the file admin.php of the component HTTP GET Request Handler. The manipulation of the argument Search leads to cross site scripting. The attack can be initiated remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.316864 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.316864 signaturepermissions-required
    https://vuldb.com/?submit.616838 third-party-advisory
    Impacted products
    Vendor Product Version
    cgpandey hotelmis Affected: c572198e6c4780fccc63b1d3e8f3f72f825fc94e
    Create a notification for this product.
    Credits
    dev03303 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7800",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-18T18:42:52.105306Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-18T18:42:59.191Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "hotelmis",
              "vendor": "cgpandey",
              "versions": [
                {
                  "status": "affected",
                  "version": "c572198e6c4780fccc63b1d3e8f3f72f825fc94e"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "dev03303 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as problematic was found in cgpandey hotelmis up to c572198e6c4780fccc63b1d3e8f3f72f825fc94e. This vulnerability affects unknown code of the file admin.php of the component HTTP GET Request Handler. The manipulation of the argument Search leads to cross site scripting. The attack can be initiated remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available."
            },
            {
              "lang": "de",
              "value": "In cgpandey hotelmis bis c572198e6c4780fccc63b1d3e8f3f72f825fc94e wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei admin.php der Komponente HTTP GET Request Handler. Durch das Beeinflussen des Arguments Search mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:ND/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-18T18:32:04.603Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-316864 | cgpandey hotelmis HTTP GET Request admin.php cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.316864"
            },
            {
              "name": "VDB-316864 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.316864"
            },
            {
              "name": "Submit #616838 | cgpandey hotelmis master (latest commit: c572198) CWE-79",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.616838"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-18T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-18T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-18T11:00:17.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "cgpandey hotelmis HTTP GET Request admin.php cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-7800",
        "datePublished": "2025-07-18T18:32:04.603Z",
        "dateReserved": "2025-07-18T08:55:13.995Z",
        "dateUpdated": "2025-07-18T18:42:59.191Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7800 (GCVE-0-2025-7800)

    Vulnerability from cvelistv5 – Published: 2025-07-18 18:32 – Updated: 2025-07-18 18:42
    VLAI
    Title
    cgpandey hotelmis HTTP GET Request admin.php cross site scripting
    Summary
    A vulnerability classified as problematic was found in cgpandey hotelmis up to c572198e6c4780fccc63b1d3e8f3f72f825fc94e. This vulnerability affects unknown code of the file admin.php of the component HTTP GET Request Handler. The manipulation of the argument Search leads to cross site scripting. The attack can be initiated remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.316864 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.316864 signaturepermissions-required
    https://vuldb.com/?submit.616838 third-party-advisory
    Impacted products
    Vendor Product Version
    cgpandey hotelmis Affected: c572198e6c4780fccc63b1d3e8f3f72f825fc94e
    Create a notification for this product.
    Credits
    dev03303 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7800",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-18T18:42:52.105306Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-18T18:42:59.191Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "HTTP GET Request Handler"
              ],
              "product": "hotelmis",
              "vendor": "cgpandey",
              "versions": [
                {
                  "status": "affected",
                  "version": "c572198e6c4780fccc63b1d3e8f3f72f825fc94e"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "dev03303 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability classified as problematic was found in cgpandey hotelmis up to c572198e6c4780fccc63b1d3e8f3f72f825fc94e. This vulnerability affects unknown code of the file admin.php of the component HTTP GET Request Handler. The manipulation of the argument Search leads to cross site scripting. The attack can be initiated remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available."
            },
            {
              "lang": "de",
              "value": "In cgpandey hotelmis bis c572198e6c4780fccc63b1d3e8f3f72f825fc94e wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei admin.php der Komponente HTTP GET Request Handler. Durch das Beeinflussen des Arguments Search mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:ND/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-18T18:32:04.603Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-316864 | cgpandey hotelmis HTTP GET Request admin.php cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.316864"
            },
            {
              "name": "VDB-316864 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.316864"
            },
            {
              "name": "Submit #616838 | cgpandey hotelmis master (latest commit: c572198) CWE-79",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/?submit.616838"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-07-18T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2025-07-18T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2025-07-18T11:00:17.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "cgpandey hotelmis HTTP GET Request admin.php cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2025-7800",
        "datePublished": "2025-07-18T18:32:04.603Z",
        "dateReserved": "2025-07-18T08:55:13.995Z",
        "dateUpdated": "2025-07-18T18:42:59.191Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }