Submission #581383: Summer Pearl Group Vacation Rental Management Platform 1.0.1 Authorization Bypass Through User-Controlled Key

Info:

Title: Summer Pearl Group Vacation Rental Management Platform 1.0.1 Authorization Bypass Through User-Controlled Key
Description:

Vulnerability: IDOR chained with stored XSS, allowing unauthorized listing creation/modification and client-side code execution

Summer Pearl Group's Vacation Rental Management Platform, versions prior to 1.0.2, suffers from an Insecure Direct Object Reference (IDOR) vulnerability in the listing management functionality. Authenticated attackers can manipulate request parameters to create or modify listings under arbitrary user accounts. Combined with insufficient input sanitization, this allows stored cross-site scripting (XSS) via crafted listing names. Successful exploitation leads to unauthorized data manipulation and client-side code execution when victims view affected listings in the calendar interface. For full technical details, including proof-of-concept steps and a video, please refer to my GitHub repository in the "Advisory / Exploit" field below.

Impact:
- Privilege escalation and loss of data integrity through creating or modifying listings belonging to other user accounts (IDOR)
- Ability to change listing ownership, allowing attackers to take control of listings and deny access to their owners
- Injection and persistence of malicious JavaScript that executes in other users' browsers (stored XSS)
- Client-side execution without victim interaction beyond viewing an affected calendar page

Affected Versions: <= v1.0.1 (vulnerable); v1.0.2 (patched)

Suggested CVSS Score: 7.6 High (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L)

Vendor Coordination: The vulnerability was responsibly disclosed to the vendor, Summer Pearl Group. They acknowledged the report and explicitly agreed to a potential CVE assignment. A fix was implemented and released in version v1.0.2.

Vendor Contact Information: [email protected], [email protected]

Release Notes: https://summerpearlgroup.gr/spgpm/releases
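The advisory describes the bug class but not the code. As an added illustration that is neither the vendor's code nor the reporter's proof of concept, the following Python sketch models an updateListing handler in the two states the advisory contrasts: ownership taken from the request body (IDOR) with the title stored and rendered verbatim into the calendar (stored XSS), and the same handler with the ownership check bound to the authenticated session and output encoding at the calendar sink. The listing ids, user ids, the `spgLsId` and `spgLsOwner` parameter names, the `Forbidden` type and the payload are constructed assumptions; only `/spgpm/updateListing` and `spgLsTitle` come from the VulDB entry.

```python
import html
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the authenticated user does not own the target listing (hypothetical type)."""


@dataclass
class Listing:
    listing_id: int
    owner_id: int
    title: str


def sample_listings():
    """Constructed sample data: two accounts (100 and 200), one listing each."""
    return {
        1: Listing(listing_id=1, owner_id=100, title="Seaside Villa"),
        2: Listing(listing_id=2, owner_id=200, title="Harbour Flat"),
    }


def update_listing_vulnerable(listings, session_user_id, params):
    """The IDOR pattern the advisory describes: the request body, not the session,
    decides which listing is touched and who owns it afterwards. 'spgLsId' and
    'spgLsOwner' are hypothetical parameter names; only 'spgLsTitle' is named in
    the VulDB entry. session_user_id is never consulted, which is the bug."""
    listing = listings[int(params["spgLsId"])]
    if "spgLsOwner" in params:
        listing.owner_id = int(params["spgLsOwner"])  # caller chooses the owner
    listing.title = params["spgLsTitle"]  # stored verbatim, no validation
    return listing


def update_listing_fixed(listings, session_user_id, params):
    """Ownership is derived from the session and checked before any write; the
    owner field is never accepted from the request."""
    listing = listings.get(int(params["spgLsId"]))
    if listing is None or listing.owner_id != session_user_id:
        # One response for "missing" and "not yours" so ids cannot be enumerated.
        raise Forbidden("listing not found or not owned by the current user")
    title = params["spgLsTitle"].strip()
    if not 0 < len(title) <= 120:
        raise ValueError("listing title must be 1-120 characters")
    listing.title = title  # still stored as data; encoding happens at the sink
    return listing


def render_calendar_cell_vulnerable(listing):
    """Interpolates the stored title into HTML unescaped: the stored XSS sink."""
    return f'<td class="event">{listing.title}</td>'


def render_calendar_cell_fixed(listing):
    """Context-aware output encoding for an HTML text node: the title is data, never markup."""
    return f'<td class="event">{html.escape(listing.title, quote=True)}</td>'


PAYLOAD_TITLE = "<script>alert(document.cookie)</script>"  # constructed test payload


def demo():
    """Attacker (user 200) targets listing 1, owned by user 100, against both variants.
    Returns (vulnerable owner after attack, vulnerable HTML, attack blocked by fix, fixed HTML)."""
    attack = {"spgLsId": "1", "spgLsOwner": "200", "spgLsTitle": PAYLOAD_TITLE}

    vuln = sample_listings()
    hijacked = update_listing_vulnerable(vuln, session_user_id=200, params=attack)
    vuln_html = render_calendar_cell_vulnerable(hijacked)

    fixed = sample_listings()
    try:
        update_listing_fixed(fixed, session_user_id=200, params=attack)
        blocked = False
    except Forbidden:
        blocked = True
    # The legitimate owner may store any text, including markup; the sink neutralises it.
    own = update_listing_fixed(fixed, session_user_id=100,
                               params={"spgLsId": "1", "spgLsTitle": PAYLOAD_TITLE})
    return hijacked.owner_id, vuln_html, blocked, render_calendar_cell_fixed(own)


if __name__ == "__main__":
    print(demo())
```

The two fixes are independent and both are needed: the ownership check stops an attacker from writing into someone else's listing, and encoding at the calendar sink stops any stored title, however it got there, from executing in other users' browsers.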
Source: https://github.com/Stolichnayer/Summer-Pearl-Group-IDOR-XSS
User: alexperrakis (UID 85369)
Submission: 20/05/2025 10:12 AM (9 months ago)
Moderation: 25/05/2025 07:27 PM (5 days later)
Status: Accepted
VulDB entry: 310269 [Summer Pearl Group Vacation Rental Management Platform up to 1.0.1 /spgpm/updateListing spgLsTitle cross site scripting]
Points: 20
