EIP-2026-107644

PRE-CVE

Hotel And Lodge Management System 1.0 - 'Customer Details' Stored XSS

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107644. PoCs published by Jitendra Kumar Tripathi.

AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in Hotel And Lodge Management System 1.0. The vulnerability allows an attacker to inject malicious JavaScript into the 'Customer Name' parameter, which executes when viewed, potentially stealing cookies or redirecting users.

Description

Hotel And Lodge Management System 1.0 - 'Customer Details' Stored XSS

Exploits (1)

exploitdb WRITEUP

by Jitendra Kumar Tripathi · textwebappsphp

https://www.exploit-db.com/exploits/49700

View Code ZIP pw:eip

This is a writeup describing a stored XSS vulnerability in Hotel And Lodge Management System 1.0. The vulnerability allows an attacker to inject malicious JavaScript into the 'Customer Name' parameter, which executes when viewed, potentially stealing cookies or redirecting users.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Hotel And Lodge Management System 1.0

Auth required

Prerequisites: Valid credentials to access the Customer Details section · Ability to input data into the Customer Name field

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026