Guest Worldwide is a global collective of dynamic, industry-leading companies with more than 40 years of unparalleled experience serving the unique needs of diverse markets in every corner of the world.
The China Travel Service (Holdings) Limited is the backbone of the state-owned enterprise directly supervise by Central government. It is also the largest travel corporation in China and was established in April 1928 by Chinese banker Chen Guangfu. From generation to generation, it is now a large state-owned enterprise under the direction of the State-Owned Assets Supervision and Administration Commission of the State Council, and engages in tourism, industrial investment (iron and steel), real estate development and logistics trade. Travel business is the main business of the group. The China Travel International Investment Hong Kong Ltd. (CTII), held by the HKCTS, was the flagship of the group in tourism industry. The HKCTS is the largest travel agencies in Hong Kong. The travel service has opened 43 branches and offices in Hong Kong and Macao, and 21 overseas branches in 16 countries. Looking forward to the future, HKCTS will adhere to the scientific concept of development and make great efforts to build itself into a tourist conglomeration with international competitiveness and an ‘aircraft carrier’ in China’s tourist industry, with a rational structure, advanced management expertise, a large contingent of qualified personnel, best application of high-technologies, as well as No. 1 in terms of market shares, total revenue, net profit and net assets, IT application, and comprehensive economic strength.
Security & Compliance Standards Overview
No incidents recorded for Guest Worldwide, a Sysco company in 2025.
No incidents recorded for China National Travel Service (HK) Group Corporation in 2025.
Guest Worldwide, a Sysco company cyber incidents detection timeline including parent company and subsidiaries
China National Travel Service (HK) Group Corporation cyber incidents detection timeline including parent company and subsidiaries
Last 3 Security & Risk Events by Company
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘percentage’ parameter in all versions up to, and including, 5.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number or size of the files it will combine, which allows remote attackers to create very large responses that lead to a denial of service attack via the URL query string.
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine.
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine.
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary files on the target machine.
