Hotel Management System
CVE-2022-2292
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
A vulnerability classified as problematic has been found in SourceCodester Hotel Management System 2.0. Affected is an unknown function of the file /ci_hms/massage_room/edit/1 of the component Room Edit Page. The manipulation of the argument massageroomDetails with the input "><script>alert("XSS")</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
A vulnerability classified as problematic has been found in SourceCodester Hotel Management System 2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A vulnerability classified as problematic has been found in SourceCodester Hotel Management System 2.0. Affected is an unknown function of the file /ci_hms/massage_room/edit/1 of the component Room Edit Page. The manipulation of the argument massageroomDetails with the input "><script>alert("XSS")</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Affected products include: Hotel Management System Project Hotel Management System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Hotel Management System
View allHotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the book_id parameter
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type paramet
Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2
Code-projects Hotel Managment System 1.0, allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2. Ra
An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management Sys
An Incorrect Access Control vulnerability was found in /admin/add_room_controller.php in Kashipara Hotel Management Syst
A Cross-Site Request Forgery (CSRF) in the component admin_modify_room.php of Hotel Management System commit 91caab8 all
A Cross-Site Request Forgery (CSRF) in the component admin_room_removed.php of Hotel Management System commit 91caab8 al
Hotel Management System commit 91caab8 was discovered to contain a SQL injection vulnerability via the room_type paramet
A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System commit 91caab8 allo
Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2. Ra
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today