← Back
2026-03-09 12:32CVE-2026-3819VulDB
PUBLISHED5.2CWE-79CWE-94x_freeware

SourceCodester Resort Reservation System Reservation Management page cross site scripting

A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Management Module. Such manipulation of the argument ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Problem type

Affected products

SourceCodester

Resort Reservation System

1.0 - AFFECTED

References

VDB-349785 | SourceCodester Resort Reservation System Reservation Management page cross site scripting

https://vuldb.com/?id.349785

vdb-entrytechnical-description
VDB-349785 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/?ctiid.349785

signaturepermissions-required
Submit #769578 | SourceCodester Resort Reservation System 1 Cross Site Scripting

https://vuldb.com/?submit.769578

third-party-advisory
medium.com

https://medium.com/@rvpipalwa/stored-cross-site-scripting-xss-in-reservation-management-sourcecodester-resort-reservation-894ee77d7312

broken-linkexploit
sourcecodester.com

https://www.sourcecodester.com/

product

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-3819
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-3819",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-03-09T17:24:26.708Z",
    "dateReserved": "2026-03-08T17:43:36.418Z",
    "datePublished": "2026-03-09T12:32:07.853Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-03-09T12:32:07.853Z"
      },
      "title": "SourceCodester Resort Reservation System Reservation Management page cross site scripting",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Management Module. Such manipulation of the argument ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
        }
      ],
      "affected": [
        {
          "vendor": "SourceCodester",
          "product": "Resort Reservation System",
          "modules": [
            "Reservation Management Module"
          ],
          "versions": [
            {
              "version": "1.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Cross Site Scripting",
              "cweId": "CWE-79",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Code Injection",
              "cweId": "CWE-94",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.349785",
          "name": "VDB-349785 | SourceCodester Resort Reservation System Reservation Management page cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.349785",
          "name": "VDB-349785 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.769578",
          "name": "Submit #769578 | SourceCodester Resort Reservation System 1 Cross Site Scripting",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://medium.com/@rvpipalwa/stored-cross-site-scripting-xss-in-reservation-management-sourcecodester-resort-reservation-894ee77d7312",
          "tags": [
            "broken-link",
            "exploit"
          ]
        },
        {
          "url": "https://www.sourcecodester.com/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "baseScore": 3.5,
            "baseSeverity": "LOW"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
            "baseScore": 3.5,
            "baseSeverity": "LOW"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
            "baseScore": 4
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-03-08T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-03-08T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-03-08T18:48:40.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "rvpipalwa (VulDB User)",
          "type": "reporter"
        }
      ],
      "tags": [
        "x_freeware"
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2026-03-09T17:24:26.708Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      }
    ]
  }
}