Alokjaiswal Hotel Management Services Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Alokjaiswal Hotel Management Services versions prior to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. The issue resides in the file 'dishsub.php', where the 'item.name' argument can be manipulated to inject malicious scripts. This vulnerability can be exploited remotely and has been publicly disclosed, with an available proof-of-concept exploit.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, log into the application and navigate to the 'dishsub.php' file. Manipulate the 'item.name' input field to include a script payload. Once submitted, the injected script will be executed, demonstrating the cross-site scripting vulnerability.