What the vulnerability does
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bob Hostel allows DOM-Based XSS. This issue affects Hostel: from n/a through 1.1.5.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
Bob Hostel versions up to 1.1.5.1 contain a cross-site scripting (XSS) vulnerability in a component requiring high-level privileges and user interaction. An attacker with administrative access can inject malicious scripts that execute in other users' browsers when they visit affected pages. The vulnerability allows reading or modifying page content and stealing session data.
What an attacker can do
Inject malicious scripts that run in other users' browsers to steal data or modify page content.
Potential impact on your site
Administrators with high privileges could be tricked into executing scripts that compromise other user accounts or site data.
Conditions required to exploit
Attacker must have high-level admin privileges and trick a user into visiting a malicious link or page.