CVE-2025-7800 MEDIUM

CVE-2025-7800: cgpandey hotelmis HTTP GET Request admin.php cross site scripting

Vendor Cgpandey
Product hotelmis
Weakness CWE-79 · XSS
Published July 18, 2025
Last update July 18, 2025
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A vulnerability classified as problematic was found in cgpandey hotelmis up to c572198e6c4780fccc63b1d3e8f3f72f825fc94e. This vulnerability affects unknown code of the file admin.php of the component HTTP GET Request Handler. The manipulation of the argument Search leads to cross site scripting. The attack can be initiated remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Key dates

02Disclosure timeline

July 18, 2025 CVE published
July 18, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-46496 HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft CVE-2025-66458 Lookyloo has multiple XSS due to unsafe use of f-strings in Markup CVE-2022-29455 WordPress Elementor plugin <= 3.5.5 - Unauthenticated DOM-based Reflected Cross-Site Scripting (XSS) vulnerability CVE-2025-32540 WordPress Feedify – Web Push Notifications plugin <= 2.4.5 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-23836 WordPress Custom Coming Soon Plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability