Anion3R

**Name of the Vulnerable Software and Affected Versions** Hotels Server version 1.0 **Description** The issue is related to Cross Site Scripting (XSS) that allows remote attackers to execute arbitrary code. This is achieved by injecting crafted commands into the data fields in the "/controller/publishHotel.php" component. The vulnerability is due to the lack of protection measures for the web page structure, which can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For Hotels Server version 1.0, consider disabling access to the "/controller/publishHotel.php" component until a patch is available. Restrict input to the data fields in this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.