CVE Catalog

CVE-2026-13556

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.44%

35th percentile — higher than 35% of all known CVEs

Summary

A cross-site scripting vulnerability was found in itsourcecode Online Hotel Management System 1.0. An unknown part of the file /admin/mod_users/controller.php?action=edit in the POST Request Handler component allows manipulation of the Name argument, leading to script execution. The attack can be performed remotely and the exploit has been publicly disclosed.

Risk Assessment

The risk involves remote injection of malicious scripts, potentially leading to session hijacking, website defacement, or sensitive data theft. The public availability of the exploit increases the likelihood of attacks.

Recommendation

Immediately update the system to the latest version or apply the vendor's patch. Until then, validate and sanitize input in the Name argument and implement anti-XSS filters.

Original NVD description (English source)

A vulnerability was determined in itsourcecode Online Hotel Management System 1.0. This affects an unknown part of the file /admin/mod_users/controller.php?action=edit of the component POST Request Handler. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS