PT-2025-52345 · Yohanawi · Hotel Management System

Solonbarroso · Published 2025-12-18 · Updated 2025-12-20 · CVE-2025-63949

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

yohanawi Hotel Management System version 87e004a

Description

A reflected cross-site scripting (XSS) issue exists in yohanawi Hotel Management System. A remote attacker can execute arbitrary web script through the error parameter in the 'pages/room.php' file. The affected API endpoint is '/pages/room.php'.

Recommendations

Apply the fix for version 87e004a. As a temporary workaround, sanitize the error parameter in the '/pages/room.php' file to prevent the execution of arbitrary web scripts.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-63949

Affected Products

Hotel Management System