CVE-2026-3819

LOW

SourceCodester Resort Reservation System 1.0 - XSS

Title source: llm

Description

A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Management Module. Such manipulation of the argument ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

References (5)

[Exploit, Mitigation, Third Party Advisory] https://medium.com/@rvpipalwa/stored-cross-site-scripting-xss-in-reservation-management-sourcecodester-resort-reservation-894ee77d7312

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.349785

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.349785

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.769578

[Product] https://www.sourcecodester.com/

Scores

CVSS v3 3.5

EPSS 0.0003

EPSS Percentile 8.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Classification

CWE

CWE-94 CWE-79

Status published

Affected Products (1)

oretnom23/resort_reservation_system

Timeline

Published Mar 09, 2026

Tracked Since Mar 09, 2026