Code-Projects Simple Online Hotel Reservation System Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Code-Projects Simple Online Hotel Reservation System version 1.0. The issue arises in the Add Room function, where malicious JavaScript can be injected into the Description field. This injected script has the potential to steal the administrator's cookie information when the room details are viewed.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, add a new room in the application and inject JavaScript code into the Description field. Once the room is saved, an administrator viewing the room information will have their cookies leaked due to the executed script.