This vulnerability in the Neteuro Turisbook Booking System (up to version 1.3.8) involves improper neutralization of input during web page generation, resulting in stored cross-site scripting (XSS). An attacker could inject malicious scripts that are stored by the system and executed when other users access the affected pages. The CVSS 3.1 vector indicates network attack vector, low attack complexity, requiring low privileges and user interaction, with a scope change and low impact on confidentiality and integrity, and low impact on availability.

Successful exploitation could allow an attacker to execute arbitrary scripts in the context of other users, potentially leading to information disclosure, session hijacking, or other impacts on confidentiality, integrity, and availability. The CVSS score of 6.5 reflects a medium severity with partial impacts on these security properties. No known exploits in the wild have been reported to date.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should apply standard XSS mitigations such as input validation and output encoding where possible. Monitor vendor communications for updates regarding patches or official mitigations.