CVE-2025-60168

Publication date

2025-10-22 14:32:42

Family

Patchstack

State

PUBLISHED

Description

Cross-Site Request Forgery (CSRF) vulnerability in integrationshotelrunner HotelRunner Booking Widget hotelrunner allows Stored XSS.This issue affects HotelRunner Booking Widget: from n/a through <= 1.6.