CVE Catalog

CVE-2025-60308

MediumCVSS 4.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.22%

13th percentile - higher than 13% of all known CVEs

Summary

A Cross Site Scripting (XSS) vulnerability was found in the Add Room function of Simple Online Hotel Reservation System 1.0. Malicious JavaScript entered in the Description field can leak administrator cookies when viewing room details.

Risk Assessment

An attacker can hijack the administrator session, gaining unauthorized access to the management panel and sensitive data.

Recommendation

Immediately update the system to the latest version and implement input filtering and encoding for the Description field.

Original NVD description (English source)

code-projects Simple Online Hotel Reservation System 1.0 has a Cross Site Scripting (XSS) vulnerability in the Add Room function of the online hotel reservation system. Malicious JavaScript code is entered in the Description field, which can leak the administrator's cookie information when browsing this room information

Vulnerability data from NVD (NIST) · CISA KEV · EPSS