CVE-2026-2160

Name of the Vulnerable Software and Affected Versions SourceCodester Simple Responsive Tourism Website version 1.0

Description A flaw exists in SourceCodester Simple Responsive Tourism Website that allows for cross site scripting. This issue is triggered through manipulation of the Title argument in the file /tourism/classes/Master.php?f=save package. The attack can be launched remotely. The exploit details have been publicly released.

Recommendations Apply any available updates to address the issue in the affected file /tourism/classes/Master.php?f=save package. As a temporary workaround, consider sanitizing the Title input to prevent the injection of malicious scripts.