Cross Site Scripting (XSS) vulnerability in Booking Core – Ultimate Booking System Booking Core 1.7.0 via the (1) "About Yourselfâ€� section under the “My Profileâ€� page, " (2) “Hotel Policyâ€� field under the “Hotel Detailsâ€� page, (3) “Pricing codeâ€� and “nameâ€� fields under the “Manage Tourâ€� page, and (4) all the labels under the “Menuâ€� section.