Share
## https://sploitus.com/exploit?id=PACKETSTORM:175800
# Exploit Title: Shuttle Booking Software v2.0 - Multiple Stored Cross-Site  
Scripting (Authenticated)  
# Date: 09/11/2023  
# Exploit Author: BugsBD Security Researcher (Rahad Chowdhury)  
# Vendor Homepage: https://www.phpjabbers.com/shuttle-booking-software/  
# Software Link: https://www.phpjabbers.com/shuttle-booking-software/  
# Version: v2.0  
# Tested on: Windows 10, Kali Linux  
# CVE: CVE-2023-48172  
  
Descriptions:  
Cross Site Scripting vulnerability in Shuttle Booking Software v.2.0 allows  
a remote attacker to execute arbitrary code via the name, description,  
title and address parameters in the index.php page.  
  
  
Steps to Reproduce:  
1. At first login your panel.  
2. Then use any XSS Payload in "name, description, title and address"  
parameters in Location, Lines and Users menus.  
3. You will see XSS pop up.  
  
## Reproduce:  
[href](https://github.com/bugsbd/CVE/tree/main/2023/CVE-2023-48172)