Description
A vulnerability was determined in itsourcecode Online Hotel Management System 1.0. This affects an unknown part of the file /admin/mod_users/controller.php?action=edit of the component POST Request Handler. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Published: 2026-06-29
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A cross‑site scripting flaw exists in itsourcecode Online Hotel Management System 1.0 within a POST request handler located at /admin/mod_users/controller.php?action=edit. By manipulating the Name parameter, an attacker can inject malicious scripts that are executed in the context of an administrator’s browser. The vulnerability is capable of being triggered remotely, and the exploit has already been publicly disclosed.

Affected Systems

The affected system is itsourcecode’s Online Hotel Management System version 1.0. No other versions or products are explicitly listed as affected.

Risk and Exploitability

The CVSS score is 5.3, indicating a medium severity. EPSS information is unavailable, and the vulnerability is not listed in the CISA KEV catalog, suggesting no confirmed exploitation cases yet. The attack vector is inferred to be an external HTTP POST request to the edit action. If exploited, the flaw could allow attackers to run arbitrary scripts in the context of privileged users, potentially leading to session hijacking, data theft, or defacement.

Generated by OpenCVE AI on June 29, 2026 at 11:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Contact itsourcecode to report the vulnerability and request an official patch.
  • Sanitize and validate all user‑supplied input for the Name field to eliminate injection of malicious scripts.
  • Deploy a web application firewall or XSS protection mechanism to detect and block malicious payloads.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 10:15:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was determined in itsourcecode Online Hotel Management System 1.0. This affects an unknown part of the file /admin/mod_users/controller.php?action=edit of the component POST Request Handler. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Title | | itsourcecode Online Hotel Management System POST Request controller.php edit cross site scripting
First Time appeared | | Itsourcecode; Itsourcecode online Hotel Management System
Weaknesses | | CWE-79; CWE-94
CPEs | | cpe:2.3:a:itsourcecode:online_hotel_management_system:*:*:*:*:*:*:*:*
Vendors & Products | | Itsourcecode; Itsourcecode online Hotel Management System
References | |
Metrics | | cvssV2_0: {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-29T09:45:07.318Z

Reserved: 2026-06-28T16:02:39.738Z

Link: CVE-2026-13556

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-29T11:30:05Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

  • CWE-94

    Improper Control of Generation of Code ('Code Injection')