A vulnerability was found in itsourcecode Online Hotel Management System 1.0 . It has been classified as problematic . Affected by this vulnerability is an unknown functionality of the file /admin/mod_amenities/controller.php?action=add of the component POST Request Handler . The manipulation of the argument Name leads to cross site scripting. This vulnerability is documented as CVE-2026-13554 . The attack can be initiated remotely. Additionally, an exploit exists.