A vulnerability marked as problematic has been reported in code-projects Hotel and Tourism Reservation System 1.0 . Impacted is an unknown function of the file /ht/tour.php . Performing a manipulation of the argument name /email /people /number results in cross site scripting. This vulnerability is identified as CVE-2026-10289 . The attack can be initiated remotely. Additionally, an exploit exists.