Primary

Context

cgpandey hotelmis Cross-Site Scripting Vulnerability in admin.php

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in cgpandey hotelmis versions prior to commit c572198e6c4780fccc63b1d3e8f3f72f825fc94e. The issue arises in the file admin.php within the HTTP GET Request Handler component. The vulnerability is triggered by manipulating the 'Search' argument, allowing for the injection of malicious scripts. This issue can be exploited remotely, but requires user interaction from the victim.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a request to the admin.php file with a crafted 'Search' parameter that includes the script payload. The injected script will be executed in the context of the user.

Added: Jul 18, 2025, 7:21 PM

Updated: Jul 18, 2025, 7:21 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

7.7

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

7.7

remediation

0.0

relevance

0.3

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

cgpandey hotelmis Cross-Site Scripting Vulnerability in admin.php

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating