Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Online Hotel Booking 1.0 allows hackers to inject malicious code
CVE-2026-5705
Summary
A security weakness in the Online Hotel Booking 1.0 system makes it possible for hackers to inject malicious code into the system, potentially causing harm to users. This could lead to unauthorized actions or data theft. To protect your customers, update the system to the latest version or apply the recommended fix.
Original title
A vulnerability was identified in code-projects Online Hotel Booking 1.0. Affected by this vulnerability is an unknown functionality of the file /booknow.php of the component Booking Endpoint. Such...
Original description
A vulnerability was identified in code-projects Online Hotel Booking 1.0. Affected by this vulnerability is an unknown functionality of the file /booknow.php of the component Booking Endpoint. Such manipulation of the argument roomname leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
nvd CVSS2.0
5.0
nvd CVSS3.1
4.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
CWE-94
Code Injection
Published: 7 Apr 2026 · Updated: 7 Apr 2026 · First seen: 7 Apr 2026