CVE Catalog

CVE-2026-13557

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Summary

A cross-site scripting vulnerability was found in itsourcecode Online Hotel Management System 1.0 in the file /admin/mod_room/controller.php?action=add. Manipulation of the Name argument in a POST request allows remote injection of malicious scripts. The exploit is publicly available.

Risk Assessment

An attacker can steal administrator sessions, redirect users to malicious sites, or perform other actions in the victim's browser context, compromising the confidentiality and integrity of the system.

Recommendation

Immediately update the system to the latest version or apply a security patch. Additionally, implement input validation and sanitization for the Name argument.

Original NVD description (English source)

A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. This vulnerability affects unknown code of the file /admin/mod_room/controller.php?action=add of the component POST Request Handler. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS