PT-2023-31139 · Unknown · Hotel Management
Andres Roldan · Published 2023-12-20 · Updated 2026-01-06
CVE-2023-49271
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Hotel Management version 1.0
Description
The issue concerns multiple authenticated Reflected Cross-Site Scripting vulnerabilities. Specifically, the check out date parameter of the "reservation.php" resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.
Recommendations
For Hotel Management version 1.0, consider disabling the check out date parameter in the reservation.php resource until a patch is available. Restrict access to the reservation.php resource to minimize the risk of exploitation. Avoid using the check out date parameter in the affected resource until the issue is resolved.
Fix
XSS
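The reflection described above and one way to close it, as an added example that is not the application's own code or a vendor patch. The page does not show the source of reservation.php, so the function names, the YYYY-MM-DD date format and the sample inputs are assumptions.

```php
<?php
declare(strict_types=1);

// The pattern the description reports: the request value is placed between
// tags unmodified, so any markup it carries becomes part of the page.
function render_reflected(string $raw): string
{
    return '<td>' . $raw . '</td>';
}

// Accept only a real calendar date in YYYY-MM-DD form (assumed format).
function parse_checkout_date(string $raw): ?string
{
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // The round-trip comparison rejects overflow dates such as 2023-02-31
    // and non-canonical forms such as 2023-1-5.
    if ($d === false || $d->format('Y-m-d') !== $raw) {
        return null;
    }
    return $d->format('Y-m-d');
}

// Encode for the HTML text context at the point of output.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Validate first, then encode what is written, even though a valid date
// contains no markup: encoding stays correct if validation is later relaxed.
function render_hardened(string $raw): string
{
    $date = parse_checkout_date($raw);
    if ($date === null) {
        return '<td class="error">Invalid check-out date</td>';
    }
    return '<td>' . h($date) . '</td>';
}

// Constructed sample inputs; a harmless <b> tag stands in for injected markup.
$samples = ['2023-12-24', '2023-02-31', '2023-12-24<b>injected</b>'];
foreach ($samples as $raw) {
    echo 'input:     ', $raw, "\n";
    echo 'reflected: ', render_reflected($raw), "\n";
    echo 'hardened:  ', render_hardened($raw), "\n\n";
}
```

Run from the command line, the reflected output carries the `<b>` tag through intact for the third input, while the hardened output replaces it with the error cell.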
Weakness Enumeration
Related Identifiers
Affected Products
Hotel Management