Hotel Management Software's Room Editing Page Allows Malicious Code Injection

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

6.1

Hotel Management Software's Room Editing Page Allows Malicious Code Injection

CVE-2025-65132

Summary

The hotel management software's room editing page has a security weakness. If an attacker knows how to exploit this, they can inject and run malicious code on your website, potentially causing issues for your business. To protect your website, update the software to a fixed version or use a web application firewall to block any suspicious activity.

Original title

alandsilva26 hotel-management-php 1.0 is vulnerable to Cross Site Scripting (XSS) in /public/admin/edit_room.php which allows an attacker to inject and execute arbitrary JavaScript via the room_id ...

Original description

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://github.com/TREXNEGRO/Security-Advisories/blob/main/CVE-2025-65132/README...

Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026