Junyanyip

**Name of the Vulnerable Software and Affected Versions** itsourcecode Online Hotel Management System Project In PHP version 1.0.0 **Description** The issue allows for Cross Site Scripting (XSS) and potentially remote code execution by entering malicious code in the `date selection box`. This can be exploited to execute unauthorized code on the system. **Recommendations** For itsourcecode Online Hotel Management System Project In PHP version 1.0.0, consider removing or restricting the ability to enter custom code in the date selection box until a proper fix is available. As a temporary workaround, restrict access to the date selection functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Online Hotel Management System Project In PHP version 1.0.0 **Description** The issue concerns SQL injection points existing in the login password input box. This can be exploited through time-based blind injection. **Recommendations** For version 1.0.0, consider restricting input in the login password box to minimize the risk of SQL injection exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.