CVE-2026-13557
⚪ Do wiadomości
Wstrzyknięcie skryptów w itsourcecode Online Hotel Management System umożliwia atak XSS.
CVSS
4.3
EPSS
0.0%
Exploit
none
Vendor
Opis źródłowy (NVD)
A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. This vulnerability affects unknown code of the file /admin/mod_room/controller.php?action=add of the component POST Request Handler. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used.
xss
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 4.3 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 0.0% |
| Opublikowano (NVD) | 2026-06-29 10:16:30 UTC |
| Ostatnia modyfikacja (NVD) | 2026-06-29 18:47:21 UTC |
Referencje
- https://github.com/Hh-176/CVE/issues/8 (cna@vuldb.com)
- https://itsourcecode.com/ (cna@vuldb.com)
- https://vuldb.com/cve/CVE-2026-13557 (cna@vuldb.com)
- https://vuldb.com/submit/843587 (cna@vuldb.com)
- https://vuldb.com/vuln/374565 (cna@vuldb.com)
- https://vuldb.com/vuln/374565/cti (cna@vuldb.com)