Restaurant Reservation System Patches Easy-to-Exploit XSS Bug
#1
Information 
Quote:An easy-to-exploit bug impacting the WordPress plugin ReDi Restaurant Reservation allows unauthenticated attackers to pilfer reservation data and customer personal identifiable information by simply submitting a malicious snippet of JavaScript code into the reservation comment field.
 
The bug affects ReDi Restaurant Reservation versions prior to 21.0307, with a patched (v. 21.0426) version of the plugin available for download. The vulnerability (CVE-2021-24299) is a persistent cross-site scripting (XSS) bug. The flaw is not yet rated.
 
A public proof-of-concept disclosure of the ReDi bug was released Sunday with the official public disclosure delayed a month “due to the severity of the vulnerability,” according to Bastijn Ouwendijk, credited for finding the bug. The researcher alerted the makers of the plugin, Catz Soft, on April 15. A fix was available on April 25.“[The bug] makes it possible for malicious attackers to, for example, steal the plugin API-key and potentially steal information about customers that made reservations, steal cookies or other sensitive data,” according Ouwendijk in a technical breakdown and proof of concept of the bug posted Sunday.
 
Leaky application programming interface (API) keys have been a popular target of hackers in dozens of attacks and been responsible for even more vendor fixes. Twitter, Imperva’s Cloud Web Application Firewall and recently 30 popular mHealth apps have each grappled with insecure API key issues.

Read more: Reservation System Fixes Easy-to-Exploit XSS Bug | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AMD prepares Linux support for new Low P...
AMD Linux patch ad...harlan4096 — 07:16
Opera 149.0.7827.197
Dear Opera Users! ...harlan4096 — 07:14
Privazer 4.0.124.1 (28 June 2026)
v4.0.124.1 (28 Jun...harlan4096 — 07:13
GlassWire 3.9.1102 - (June 29, 2026)
Version 3.9.1102 -...harlan4096 — 07:12
AMD Radeon Software Adrenalin 26.6.4 dri...
AMD Radeon Software...harlan4096 — 07:10

[-]
Birthdays
Today's Birthdays
avatar (43)uapedDow
avatar (47)suiscced
avatar (48)Angarpaf
avatar (41)clarissalo60
Upcoming Birthdays
avatar (47)dapedDow
avatar (49)TromPerl
avatar (46)RidgeDimb
avatar (37)ipumaqar
avatar (51)tanliorsPeri
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (48)ConradRoand
avatar (39)boineDon
avatar (51)spoofTum
avatar (50)WillieVot
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (41)optsaZes
avatar (40)RaymondViata
avatar (40)ywixazok
avatar (38)ixoqe
avatar (56)Step 1
avatar (36)pa.OpenTran

[-]
Online Staff
There are no staff members currently online.

>