{"cve":{"cve_id":"CVE-2025-7800","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00227,"epss_percentile":0.13255,"epss_as_of":"2026-06-23","description":"A vulnerability classified as problematic was found in cgpandey hotelmis up to c572198e6c4780fccc63b1d3e8f3f72f825fc94e. This vulnerability affects unknown code of the file admin.php of the component HTTP GET Request Handler. The manipulation of the argument Search leads to cross site scripting. The attack can be initiated remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.","published_at":"2025-07-18T18:32:04.603000Z","last_modified_at":null,"cvss_v3_score":3.5,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:X/RL:X/RC:R","cvss_v3_severity":"LOW","cvss_v4_score":5.1,"cvss_v4_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X","cvss_v4_severity":"MEDIUM","ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-79","CWE-94"],"nvd_references":["https://vuldb.com/?id.316864","https://vuldb.com/?ctiid.316864","https://vuldb.com/?submit.616838"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:28:34.000876Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"N","value_label":"None"},{"metric":"I","name":"Integrity","value":"L","value_label":"Low"},{"metric":"A","name":"Availability","value":"N","value_label":"None"},{"metric":"E","name":"E","value":"X","value_label":"X"},{"metric":"RL","name":"RL","value":"X","value_label":"X"},{"metric":"RC","name":"RC","value":"R","value_label":"Required"}]},"cvss_v4_decoded":{"version":"4.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"AT","name":"Attack Requirements","value":"N","value_label":"None"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"P","value_label":"Passive"},{"metric":"VC","name":"Confidentiality (Vulnerable System)","value":"N","value_label":"None"},{"metric":"VI","name":"Integrity (Vulnerable System)","value":"L","value_label":"Low"},{"metric":"VA","name":"Availability (Vulnerable System)","value":"N","value_label":"None"},{"metric":"SC","name":"Confidentiality (Subsequent System)","value":"N","value_label":"None"},{"metric":"SI","name":"Integrity (Subsequent System)","value":"N","value_label":"None"},{"metric":"SA","name":"Availability (Subsequent System)","value":"N","value_label":"None"},{"metric":"E","name":"E","value":"X","value_label":"X"}]},"affected":[{"vendor_slug":"cgpandey","vendor_name":"cgpandey","product_slug":"hotelmis","product_name":"hotelmis","version_start":"c572198e6c4780fccc63b1d3e8f3f72f825fc94e","version_start_inclusive":true,"version_end":"c572198e6c4780fccc63b1d3e8f3f72f825fc94e","version_end_inclusive":true,"cpe23_uri":"cve5:cgpandey:hotelmis:c572198e6c4780fccc63b1d3e8f3f72f825fc94e:c572198e6c4780fccc63b1d3e8f3f72f825fc94e"}],"exploit_refs":[],"news":[],"references":[{"url":"https://vuldb.com/?id.316864","source_type":"MISC","tags":[]},{"url":"https://vuldb.com/?ctiid.316864","source_type":"MISC","tags":[]},{"url":"https://vuldb.com/?submit.616838","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2025-07-18T18:32:04.603000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:49:50.811184Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:49:50.811184Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:49:50.811184Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:49:50.811184Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:49:50.811184Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:49:50.811184Z","label":"CVSS score revised","source":"cvelistv5"}]}