CVE-2021-39473

MEDIUM

Saibamen HotelManager v1.2 - Stored Cross-Site Scripting via Comment and Contact Fields


Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-39473. PoCs published by BrunoTeixeira1996.

AI-analyzed exploit summary: This repository provides a technical description of a stored XSS vulnerability in HotelManager v1.2, where malicious payloads can be injected via comment or contact fields in various endpoints (rooms, guests, reservations, users). The vulnerability is confirmed via GitHub issue links and requires user interaction to trigger.

Description

Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization of comment and contact fields.

Exploits (1)

nomisec WRITEUP
by BrunoTeixeira1996 · poc
https://github.com/BrunoTeixeira1996/CVE-2021-39473


Classification
Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: HotelManager v1.2
Auth required
Prerequisites: Access to create/modify rooms, guests, reservations, or users · Ability to inject malicious scripts into comment/contact fields
devstral-2 · analyzed Feb 19, 2026


Scores

CVSS v3 5.4
EPSS 0.0062
EPSS Percentile 45.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE: CWE-79
Status published
Products (1)
hotelmanager_project/hotelmanager 1.2
Published Nov 04, 2022
Tracked Since Feb 18, 2026