PT-2024-30139 · Unknown · Kashipara Hotel Management System

Published: 2024-08-22 · Updated: 2024-08-23 · CVE-2024-42769

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Kashipara Hotel Management System version 1.0

Description: A Reflected Cross Site Scripting (XSS) issue was found in the "/core/signup user.php" endpoint of the system, allowing remote attackers to execute arbitrary code via the user fname and user lname parameters. This could enable malicious scripts to hijack user sessions.

Recommendations: For Kashipara Hotel Management System version 1.0, patch and validate user input as soon as possible to prevent attacks. As a temporary workaround, consider restricting access to the "/core/signup user.php" endpoint or validating and sanitizing the user fname and user lname parameters to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-42769

Affected Products: Kashipara Hotel Management System