PT-2023-31140 · Unknown · Hotel Management

Andres Roldan · Published 2023-12-20 · Updated 2025-12-05 · CVE-2023-49272

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Hotel Management version 1.0

Description: The issue concerns multiple authenticated Reflected Cross-Site Scripting vulnerabilities. Specifically, the children parameter of the "reservation.php" resource is copied into the HTML document as plain text between tags, and any input is echoed unmodified in the application's response.

Recommendations: For Hotel Management version 1.0, consider disabling the children parameter in the "reservation.php" resource until a patch is available to prevent exploitation. Restrict access to the reservation.php resource to minimize the risk of Cross-Site Scripting attacks. Avoid using the children parameter in the affected resource until the issue is resolved.
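The following is an added example, not code from Hotel Management or from this advisory: it shows one way a handler could treat a numeric parameter such as children so that nothing from the request is echoed unmodified between tags. The function names, the 0 to 10 range and the markup are assumptions, and the code needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the real reservation.php source is not shown on the page.

/** Encode a value for the HTML text context (content between tags). */
function html_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Accept "children" only as a small non-negative integer.
 * The 0..10 range is an assumed business limit, not taken from the application.
 */
function parse_children(mixed $raw): ?int
{
    if (!is_string($raw)) {
        return null; // rejects missing values and arrays such as children[]=1
    }
    $n = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 10],
    ]);
    return $n === false ? null : $n;
}

/** Render the fragment that would otherwise echo the raw parameter. */
function render_children(mixed $raw): string
{
    $children = parse_children($raw);
    if ($children === null) {
        // The rejected input is never reflected, not even in the error message.
        return '<p class="error">Invalid number of children.</p>';
    }
    // Encode on output as well, so the sink stays safe if validation changes later.
    return '<p>Children: ' . html_text((string) $children) . '</p>';
}

// Constructed sample inputs, including markup that an unencoded echo would emit as-is.
$samples = ['2', '0', '-1', '2<b>x</b>', ['2'], null];
foreach ($samples as $raw) {
    echo render_children($raw), PHP_EOL;
}
```

In a real handler the argument would be `$_GET['children'] ?? null` or the POST equivalent, depending on how the form submits.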

XSS

Related Identifiers: CVE-2023-49272

Affected Products: Hotel Management