CVE-2020-25444

Name of the Vulnerable Software and Affected Versions: Booking Core - Ultimate Booking System version 1.7.0

Description: A Cross Site Scripting (XSS) issue exists, allowing potential exploitation through several fields and sections, including the "About Yourself” section under the “My Profile” page, the “Hotel Policy” field under the “Hotel Details” page, the “Pricing code” and “name” fields under the “Manage Tour” page, and all the labels under the “Menu” section.

Recommendations: For Booking Core - Ultimate Booking System version 1.7.0, consider restricting user input in the identified fields to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the vulnerable fields in the "My Profile", "Hotel Details", "Manage Tour", and "Menu" sections.