CVE-2026-3819 - Vulnerability Analysis
Low | CVSS: 3.5 | Last Updated: March 9, 2026
SourceCodester Resort Reservation System - Stored XSS
Published: March 9, 2026 | Updated: March 9, 2026 | PoC Available | Remote Exploitable
Overview
SourceCodester Resort Reservation System 1.0 contains a stored XSS vulnerability caused by improper sanitization of the "ID" argument in /?page=manage_reservation of the Reservation Management Module. Remote attackers can execute scripts; exploitation requires crafted input.
Severity & Score
Severity: Low
CVSS Score: 3.5
Impact
Remote attackers can execute arbitrary scripts in users' browsers, potentially stealing session data or performing actions on behalf of users.
Mitigation
Update to the latest version with XSS protections or apply input sanitization and output encoding.
Details
- CVE ID: CVE-2026-3819
- Severity: Low
- CVSS Score: 3.5
- Type: stored_xss
- Status: confirmed
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N