CVE-2020-18102

Name of the Vulnerable Software and Affected Versions Hotels Server version 1.0

Description The issue is related to Cross Site Scripting (XSS) that allows remote attackers to execute arbitrary code. This is achieved by injecting crafted commands into the data fields in the "/controller/publishHotel.php" component. The vulnerability is due to the lack of protection measures for the web page structure, which can be exploited by a remote attacker to execute arbitrary code.

Recommendations For Hotels Server version 1.0, consider disabling access to the "/controller/publishHotel.php" component until a patch is available. Restrict input to the data fields in this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.