PatchSiren

CVE-2026-13554 itsourcecode CVE debrief

CVE-2026-13554 is a cross-site scripting (XSS) vulnerability in itsourcecode Online Hotel Management System 1.0. It affects the POST request handler at /admin/mod_amenities/controller.php?action=add; the specific functionality involved is not identified. Manipulating the Name argument leads to cross-site scripting. The attack can be initiated remotely. The exploit has been publicly disclosed and may be used. Evidence is limited; further investigation is required to determine the full scope of affected systems and potential impact.

Vendor: itsourcecode
Product: Online Hotel Management System
CVSS: LOW 2.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-29
Original CVE updated: 2026-06-29
Advisory published: 2026-06-29
Advisory updated: 2026-06-29

Who should care

Defenders of itsourcecode Online Hotel Management System 1.0 instances should prioritize reviewing and updating their systems to mitigate this vulnerability. Due to the remote attack vector and public exploit disclosure, immediate attention is advised. Organizations using similar systems should also assess their exposure.

Technical summary

The vulnerability exists in the /admin/mod_amenities/controller.php?action=add handler of itsourcecode Online Hotel Management System 1.0. The POST request handler does not properly sanitize user input in the Name argument, leading to cross-site scripting. The CVSS score is 2.1, indicating low severity. However, the remote attack vector and public exploit availability increase the urgency for patching.

Defensive priority

Apply patches or mitigations immediately due to public exploit disclosure and remote attack vector. Review system configurations and update as necessary.

Recommended defensive actions

  • Apply official patches or updates for itsourcecode Online Hotel Management System 1.0
  • Implement input validation and output encoding for user-supplied data
  • Conduct thorough inventory checks for affected systems
  • Enhance monitoring for suspicious activity related to /admin/mod_amenities/controller.php?action=add
  • Consider compensating controls for systems that cannot be patched immediately
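
One way to implement the monitoring item above, as an added example that is not part of the original advisory or the vendor's code: it reviews request records for POSTs to the add handler whose Name field contains markup characters, including double URL-encoded ones. It assumes a proxy or WAF that logs request bodies as JSON lines; the record schema (ts, src, method, uri, body) and the sample records are constructed.

```python
import json
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and action named in the advisory.
TARGET_PATH, TARGET_ACTION = "/admin/mod_amenities/controller.php", "add"
# Single quote is left out so names like "Children's Pool" do not alert (assumption).
MARKUP_CHARS = set('<>"')

def decode_fully(value, max_rounds=3):
    """Undo repeated URL-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        if (decoded := unquote(value)) == value:
            break
        value = decoded
    return value

def review(record):
    """Return a finding if a POST to the add handler carries markup in Name."""
    uri = urlsplit(record.get("uri", ""))
    if (record.get("method", "").upper() != "POST" or uri.path != TARGET_PATH
            or TARGET_ACTION not in parse_qs(uri.query).get("action", [])):
        return None
    for key, values in parse_qs(record.get("body", ""), keep_blank_values=True).items():
        if key.lower() != "name":  # field-name case is not stated in the advisory
            continue
        for value in values:
            hits = sorted(MARKUP_CHARS & set(decode_fully(value)))
            if hits:
                return {"ts": record.get("ts"), "src": record.get("src"), "chars": hits}
    return None

def scan(lines):
    """Review JSON-lines request records, skipping lines that do not parse."""
    findings = []
    for line in lines:
        try:
            findings.append(review(json.loads(line)))
        except (ValueError, AttributeError, TypeError):
            continue  # not JSON, or not the expected record shape
    return [f for f in findings if f]

# Constructed sample records; the JSON schema and field names are hypothetical.
SAMPLE = [json.dumps({"ts": t, "src": "192.0.2.10", "method": "POST",
                      "uri": p + "?action=add", "body": b}) for t, p, b in (
    ("T1", TARGET_PATH, "Name=Swimming+Pool"),
    ("T2", TARGET_PATH, "Name=%3Cb%3EPool%3C%2Fb%3E"),       # URL-encoded tag
    ("T3", TARGET_PATH, "Name=%253Ci%253EPool"),             # double-encoded tag
    ("T4", "/index.php", "Name=%3Cb%3EPool"),                # different path
    ("T5", TARGET_PATH, "name=Spa%22+title%3D%22x"))]        # lowercase key, quote
```

Calling scan(SAMPLE) returns findings for T2, T3 and T5 only. A hit is a triage signal on this one endpoint, not a replacement for output encoding in the application.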

Evidence notes

The CVE record and NVD provide official details on this vulnerability. Additional sources, including VulDB and GitHub, offer further context and potential exploit information. However, evidence is limited, and further investigation is required to determine the full scope of affected systems and potential impact.

This article is AI-assisted and based on the supplied source corpus.