Description
A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Management Module. Such manipulation of the argument ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Published: 2026-03-09
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross-site scripting
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a stored cross‑site scripting flaw triggered by manipulating the ID parameter in the reservation management module of the web application. Attackers can inject arbitrary JavaScript that will execute in the browsers of users who view the affected page, potentially compromising session cookies, defacing content, or delivering further malware. The weakness maps to CWE‑79 for cross‑site scripting and CWE‑94 for insecure code execution. The flaw is exposed through a malformed request to the /?page=manage_reservation endpoint and can be triggered remotely without any authentication.

Affected Systems

This weakness affects the SourceCodester Resort Reservation System 1.0, version 1.0, released by SourceCodester. No other versions or components are listed as affected in the CNA data.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate severity, and the EPSS score of less than 1% signals a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The attack vector is remote, relying on a crafted ID value in a public HTTP request, and the exploit is publicly disclosed, making it feasible for an adversary. While the risk is moderate, the possibility of widespread use by automated scanners or social engineers warrants timely remediation.

Generated by OpenCVE AI on April 16, 2026 at 10:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied patch or upgrade to a newer version of SourceCodester Resort Reservation System that addresses the stored XSS flaw.
  • Implement input validation and output encoding for the ID parameter on the Reservation Management page to prevent malicious script injection.
  • Restrict access to reservation‑management functionality to authenticated users and enforce least‑privilege controls to reduce exposure.

Generated by OpenCVE AI on April 16, 2026 at 10:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 10 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester resort Reservation System
Vendors & Products Sourcecodester
Sourcecodester resort Reservation System

Mon, 09 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 09 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Oretnom23
Oretnom23 resort Reservation System
CPEs cpe:2.3:a:oretnom23:resort_reservation_system:1.0:*:*:*:*:*:*:*
Vendors & Products Oretnom23
Oretnom23 resort Reservation System

Mon, 09 Mar 2026 13:00:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Management Module. Such manipulation of the argument ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Title SourceCodester Resort Reservation System Reservation Management page cross site scripting
Weaknesses CWE-79
CWE-94
References
Metrics cvssV2_0

{'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 3.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 3.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Oretnom23 Resort Reservation System
Sourcecodester Resort Reservation System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-09T17:24:26.708Z

Reserved: 2026-03-08T17:43:36.418Z

Link: CVE-2026-3819

cve-icon Vulnrichment

Updated: 2026-03-09T17:24:22.710Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-09T13:15:57.350

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-3819

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T10:15:26Z

Weaknesses