PT-2026-30754 · Code Projects · Online Hotel Booking
Ahmadmarzouk
·
Published
2026-04-06
·
Updated
2026-04-07
·
CVE-2026-5705
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Code-projects Online Hotel Booking version 1.0
Description
A cross-site scripting issue exists in the Booking Endpoint component of Code-projects Online Hotel Booking version 1.0. Manipulation of the
roomname argument in the /booknow.php file can lead to cross-site scripting. The attack can be launched remotely and the exploit is publicly available.Recommendations
Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the
roomname input to prevent the injection of malicious scripts.Exploit
Fix
XSS
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Online Hotel Booking