CVE-2026-3819

CWE-79 — Cross-site Scripting (XSS)CWE-94 — Code Injection2 documents2 sources

Severity

5.1MEDIUM

EPSS

0.0%

top 98.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Resort Reservation System Oretnom23 Resort Reservation System

Timeline

PublishedMar 9

Description

A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Management Module. Such manipulation of the argument ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5sourcecodester/resort_reservation_system1.0

▶NVDoretnom23/resort_reservation_system1.0

🔴Vulnerability Details

CVEList

SourceCodester Resort Reservation System Reservation Management page cross site scripting↗2026-03-09

▶