EIP-2026-110114

PRE-CVE

Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110114. PoCs published by Mesut Cetin.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in the 'description' parameter of the Online Hotel Reservation System 1.0. An attacker with admin access can inject malicious JavaScript, which executes when other users view the affected page.

Description

Online Hotel Reservation System 1.0 - 'description' Stored Cross-site Scripting

Exploits (1)

exploitdb WORKING POC

by Mesut Cetin · textwebappsphp

https://www.exploit-db.com/exploits/49428

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in the 'description' parameter of the Online Hotel Reservation System 1.0. An attacker with admin access can inject malicious JavaScript, which executes when other users view the affected page.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Online Hotel Reservation System 1.0

Auth required

Prerequisites: Admin credentials · Access to the admin panel

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026