Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Alokjaiswal Hotel Management Services Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Alokjaiswal Hotel Management Services versions through 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. The issue resides in an unknown function within the file '/usersub.php', part of the Request Pending Page component. This vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation allows an attacker to inject malicious scripts that are executed in the context of the user's browser.

Reproduction

The vulnerability can be reproduced by sending a request to the '/usersub.php' page with crafted input that is not properly sanitized. This input will be reflected back to users, executing the injected script and demonstrating the cross-site scripting flaw.
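For triage, the following added example (not part of the advisory or the project's code) scans web access logs for requests to '/usersub.php' whose query string carries script-like markup, undoing nested percent-encoding before matching. The log lines and the parameter name `name` are constructed for illustration, and the pattern is a heuristic that only sees query strings, since POST bodies are not recorded in standard access logs.

```python
import html
import re
from urllib.parse import unquote_plus, urlsplit

TARGET_PATH = "/usersub.php"  # file named in the advisory
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Heuristic: tags, inline event handlers and javascript: URLs in a form value.
SUSPICIOUS_RE = re.compile(
    r"<\s*(script|iframe|svg|img|object|embed)\b"
    r"|[\s/'\x22]on[a-z]+\s*=|javascript\s*:",
    re.IGNORECASE,
)

def normalize(value, max_rounds=3):
    """Undo nested percent-encoding and HTML entities before matching."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (line_number, decoded_query) for suspicious hits on TARGET_PATH."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        parts = urlsplit(match.group("target"))
        if parts.path.lower() != TARGET_PATH:
            continue
        query = normalize(parts.query)
        if SUSPICIOUS_RE.search(query):
            hits.append((number, query))
    return hits

# Constructed sample log lines; the parameter name "name" is hypothetical.
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Dec/2025:18:01:02 +0000] "GET /usersub.php?name=Alice&room=12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [07/Dec/2025:18:02:10 +0000] "GET /usersub.php?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 540',
    '203.0.113.9 - - [07/Dec/2025:18:02:40 +0000] "GET /usersub.php?name=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 541',
    '198.51.100.7 - - [07/Dec/2025:18:03:00 +0000] "GET /index.php?q=%3Cscript%3E HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for number, query in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {query}")
```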

Added: Dec 7, 2025, 6:18 PM
Updated: Dec 7, 2025, 6:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 8.1
remediation: 0.0
relevance: 1.3
threat: 8.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.