Search criteria
2 vulnerabilities found for Hostel Management System by itsourcecode
CVE-2025-11119 (GCVE-0-2025-11119)
Vulnerability from cvelistv5 – Published: 2025-09-28 20:32 – Updated: 2025-09-29 14:07 X_Freeware
VLAI?
Title
itsourcecode Hostel Management System POST Request index.php cross site scripting
Summary
A security flaw has been discovered in itsourcecode Hostel Management System 1.0. Impacted is an unknown function of the file /justines/index.php of the component POST Request Handler. Performing manipulation of the argument from results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| itsourcecode | Hostel Management System |
Affected:
1.0
|
Credits
flame (VulDB User)
flame (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11119",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-29T14:07:01.032348Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T14:07:06.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/iflame28/CVE/issues/1"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"POST Request Handler"
],
"product": "Hostel Management System",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "flame (VulDB User)"
},
{
"lang": "en",
"type": "analyst",
"value": "flame (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in itsourcecode Hostel Management System 1.0. Impacted is an unknown function of the file /justines/index.php of the component POST Request Handler. Performing manipulation of the argument from results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in itsourcecode Hostel Management System 1.0 gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /justines/index.php der Komponente POST Request Handler. Dank der Manipulation des Arguments from mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T05:44:11.831Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-326200 | itsourcecode Hostel Management System POST Request index.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.326200"
},
{
"name": "VDB-326200 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.326200"
},
{
"name": "Submit #663519 | itsourcecode Hostel Management System V1.0 xss",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.663519"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/iflame28/CVE/issues/1"
},
{
"tags": [
"product"
],
"url": "https://itsourcecode.com/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2025-09-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-29T07:44:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "itsourcecode Hostel Management System POST Request index.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11119",
"datePublished": "2025-09-28T20:32:06.429Z",
"dateReserved": "2025-09-27T17:44:22.340Z",
"dateUpdated": "2025-09-29T14:07:06.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11119 (GCVE-0-2025-11119)
Vulnerability from nvd – Published: 2025-09-28 20:32 – Updated: 2025-09-29 14:07 X_Freeware
VLAI?
Title
itsourcecode Hostel Management System POST Request index.php cross site scripting
Summary
A security flaw has been discovered in itsourcecode Hostel Management System 1.0. Impacted is an unknown function of the file /justines/index.php of the component POST Request Handler. Performing manipulation of the argument from results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| itsourcecode | Hostel Management System |
Affected:
1.0
|
Credits
flame (VulDB User)
flame (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11119",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-29T14:07:01.032348Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T14:07:06.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/iflame28/CVE/issues/1"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"POST Request Handler"
],
"product": "Hostel Management System",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "flame (VulDB User)"
},
{
"lang": "en",
"type": "analyst",
"value": "flame (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in itsourcecode Hostel Management System 1.0. Impacted is an unknown function of the file /justines/index.php of the component POST Request Handler. Performing manipulation of the argument from results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in itsourcecode Hostel Management System 1.0 gefunden. Hierbei betrifft es unbekannten Programmcode der Datei /justines/index.php der Komponente POST Request Handler. Dank der Manipulation des Arguments from mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T05:44:11.831Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-326200 | itsourcecode Hostel Management System POST Request index.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.326200"
},
{
"name": "VDB-326200 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.326200"
},
{
"name": "Submit #663519 | itsourcecode Hostel Management System V1.0 xss",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.663519"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/iflame28/CVE/issues/1"
},
{
"tags": [
"product"
],
"url": "https://itsourcecode.com/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2025-09-27T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-27T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-29T07:44:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "itsourcecode Hostel Management System POST Request index.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11119",
"datePublished": "2025-09-28T20:32:06.429Z",
"dateReserved": "2025-09-27T17:44:22.340Z",
"dateUpdated": "2025-09-29T14:07:06.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}