CVE-2026-13556
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk35th percentile — higher than 35% of all known CVEs
Summary
A cross-site scripting vulnerability was found in itsourcecode Online Hotel Management System 1.0. An unknown part of the file /admin/mod_users/controller.php?action=edit in the POST Request Handler component allows manipulation of the Name argument, leading to script execution. The attack can be performed remotely and the exploit has been publicly disclosed.
Risk Assessment
The risk involves remote injection of malicious scripts, potentially leading to session hijacking, website defacement, or sensitive data theft. The public availability of the exploit increases the likelihood of attacks.
Recommendation
Immediately update the system to the latest version or apply the vendor's patch. Until then, validate and sanitize input in the Name argument and implement anti-XSS filters.
Original NVD description (English source)
A vulnerability was determined in itsourcecode Online Hotel Management System 1.0. This affects an unknown part of the file /admin/mod_users/controller.php?action=edit of the component POST Request Handler. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

