CVE-2022-50948 MEDIUM

CVE-2022-50948: Motopress Hotel Booking Lite 4.2.4 Stored Cross-Site Scripting

Vendor: Motopress
Product: Motopress Hotel Booking Lite
Weakness: CWE-79 · XSS
Published: May 10, 2026
Last update: May 24, 2026

CVSS base score

5.1/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01 Description

Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting payloads in accommodation type fields. Attackers can inject script tags through the title and excerpt parameters when creating accommodation types; the injected scripts execute in the browser when visitors access the accommodations page.

Key dates

02 Disclosure timeline

May 10, 2026: CVE published
May 24, 2026: Record updated
