{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T08:12:02.941","vulnerabilities":[{"cve":{"id":"CVE-2020-25444","sourceIdentifier":"cve@mitre.org","published":"2021-07-14T15:15:08.067","lastModified":"2024-11-21T05:17:58.597","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the (1) \"About Yourself” section under the “My Profile” page, \" (2) “Hotel Policy” field under the “Hotel Details” page, (3) “Pricing code” and “name” fields under the “Manage Tour” page, and (4) all the labels under the “Menu” section."},{"lang":"es","value":"Una vulnerabilidad de tipo Cross Site Scripting (XSS) en Booking Core - Ultimate Booking System Booking Core versión 1.7.0, por medio de la sección (1) \"About Yourself\" en la página \"My Profile\", \" (2) campo \"Hotel Policy\" en la página \"Hotel Details\", (3) campos \"Pricing code\" y \"name\" en la página \"Manage Tour\", y (4) todas las etiquetas en la sección \"Menu\""}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bookingcore:booking_core:1.7.0:*:*:*:*:*:*:*","matchCriteriaId":"BBAECB94-1670-484C-8089-49FE148D1565"}]}]}],"references":[{"url":"https://medium.com/%40singh.satyam158/vulnerabilities-in-booking-core-1-7-d85d1dfae44e","source":"cve@mitre.org"},{"url":"https://medium.com/%40singh.satyam158/vulnerabilities-in-booking-core-1-7-d85d1dfae44e","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}