Cross Site Scripting Vulnerability in Code-Projects Hotel Reservation System
CVE-2025-60308

4.1MEDIUM

Key Information:

Vendor: Code-Projects
Status: Simple Online Hotel Reservation System
Vendor: CVE Published:; 10 October 2025

🔔 Create Code-Projects Vulnerability Alert

What is CVE-2025-60308?

The Simple Online Hotel Reservation System 1.0, developed by Code-Projects, is vulnerable to Cross Site Scripting (XSS) attacks via the Add Room function. An attacker can inject malicious JavaScript code into the Description field, which may lead to the leakage of sensitive information, including the administrator's cookie data when this room information is accessed. This poses a significant risk to the security and integrity of the online booking platform, making users susceptible to data theft and further exploits.

References

http://code-projects.com

https://github.com/Chen1-Boop/CVE/blob/main/CVE-2025-6030...

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2025
Vulnerability Reserved
Sep 26, 2025

JSON