CVE-2024-11050 MEDIUM

CVE-2024-11050: AMTT Hotel Broadband Operation System language.php cross site scripting

Vendor Amtt
Product Hotel Broadband Operation System
Weakness CWE-79 · XSS
Published November 10, 2024
Last update November 12, 2024
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic. This issue affects some unknown processing of the file /language.php. The manipulation of the argument LangID/LangName/LangEName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

November 10, 2024 CVE published
November 12, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-47630 WordPress ElementInvader Addons for Elementor plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability CVE-2025-64716 Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode CVE-2018-25210 WebOfisi E-Ticaret 4.0 SQL Injection via urun Parameter CVE-2024-51953 Stored XSS in ArcGIS Server Rest services CVE-2023-5073 iframe forms <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframe Shortcode