CVE-2025-63949

A Reflected Cross-Site Scripting (XSS) vulnerability in yohanawi Hotel Management System (commit 87e004a) allows a remote attacker to execute arbitrary web script via the 'error' parameter in pages/room.php.

medium 6.1 CVSS 3.1
Published: Dec 18, 2025
Modified: Dec 31, 2025
Vendor: Yohanawi
Product: Hotel Management System
Versions: 2022-05-22

Description

A Reflected Cross-Site Scripting (XSS) vulnerability in yohanawi Hotel Management System (commit 87e004a) allows a remote attacker to execute arbitrary web script via the 'error' parameter in pages/room.php.

References

Related CVEs

CVE-2023-3616 critical · 9.8
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mava Software Hotel Management System allows SQL Injection. This issue affect