PT-2024-30142 · Unknown · Kashipara Hotel Management System

Published: 2024-08-22 · Updated: 2024-08-23 · CVE-2024-42771

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Kashipara Hotel Management System version 1.0

Description

A Stored Cross Site Scripting (XSS) issue was found in the "/admin/edit room controller.php" endpoint of the Kashipara Hotel Management System, allowing remote attackers to execute arbitrary code via the room name parameter. This enables malicious script injection, posing a risk to the system.

Recommendations

For Kashipara Hotel Management System version 1.0, patch the system immediately and validate all user inputs to prevent exploitation. As a temporary workaround, consider restricting access to the "/admin/edit room controller.php" endpoint or validating the room name parameter to minimize the risk of malicious script injection.
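The room name handling recommended above, as an added example that is not the application's own code: the value is checked against an allow-list before it is stored and HTML-encoded every time it is rendered. The function names, the 64-character limit and the permitted character set are assumptions, as is the premise that the room name is rendered in an HTML text or quoted-attribute context.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; the application's real code is not shown on the page.

/** Allow-list check applied before the room name is stored. */
function validate_room_name(string $raw): ?string
{
    $name = trim($raw);
    // Assumed policy: letters, digits, spaces and a few punctuation marks,
    // 1 to 64 characters. Invalid UTF-8 makes preg_match return false.
    if (preg_match('/\A[\p{L}\p{N} .,\'&()\-]{1,64}\z/u', $name) !== 1) {
        return null; // reject instead of trying to "clean" the value
    }
    return $name;
}

/** Encode for an HTML text or quoted-attribute context at output time. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs: two legitimate names and two markup-bearing ones.
$samples = [
    "Deluxe Suite (Sea View)",
    "King's Room & Spa",
    "<script>alert(1)</script>",
    "Room\" onmouseover=\"x",
];

foreach ($samples as $raw) {
    $stored = validate_room_name($raw);
    printf(
        "%-28s validate: %-7s rendered as: %s\n",
        $raw,
        $stored === null ? 'reject' : 'accept',
        // Encoding is applied regardless of validation, so rows stored
        // before the check existed are also rendered as inert text.
        h($raw)
    );
}
```

The second sample shows why output encoding is the primary control: a legitimate name containing `'` and `&` passes validation and still needs encoding to render correctly.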

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-42771

Affected Products

Kashipara Hotel Management System