CVE-2019-8937

🗓️ 17 May 2019 14:55:56Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 91 Views🌐 WEB

HotelDruid 2.3.0 XSS in multiple parameter

Reporter	Title	Published	Views	Family All 15
0day.today	HotelDruid 2.3 - Cross-Site Scripting Vulnerability	20 Feb 201900:00	–	zdt
Circl	CVE-2019-8937	17 May 201915:47	–	circl
CNVD	HotelDruid Cross-Site Scripting Vulnerability	21 Feb 201900:00	–	cnvd
Cvelist	CVE-2019-8937	17 May 201914:55	–	cvelist
Debian CVE	CVE-2019-8937	17 May 201914:55	–	debiancve
Exploit DB	HotelDruid 2.3 - Cross-Site Scripting	20 Feb 201900:00	–	exploitdb
exploitpack	HotelDruid 2.3 - Cross-Site Scripting	20 Feb 201900:00	–	exploitpack
Nuclei	HotelDruid 2.3.0 - Cross-Site Scripting	25 Jun 202605:45	–	nuclei
NVD	CVE-2019-8937	17 May 201915:29	–	nvd
OSV	DEBIAN-CVE-2019-8937	17 May 201915:29	–	osv

NVD

Node

digitaldruid hoteldruidMatch2.3.0

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/151779/HotelDruid-2.3-Cross-Site-Scripting.html
sourceforge	www.sourceforge.net/projects/hoteldruid/
exploit-db	www.exploit-db.com/exploits/46429/

Parameter	Position	Path	Description	CWE
nsextt	query param	/hoteldruid/visualizza_tabelle.php	XSS in nsextt parameter leading to script injection	CWE-79
cambia1	query param	/hoteldruid/visualizza_tabelle.php	XSS in cambia1 parameter leading to script injection	CWE-79
mese_fine	query param	/hoteldruid/visualizza_tabelle.php	XSS in mese_fine parameter leading to script injection	CWE-79
origine	query param	/hoteldruid/personalizza.php	XSS in origine parameter leading to script injection	CWE-79
anno	query param	/hoteldruid/tabella3.php	XSS in anno parameter leading to script injection	CWE-79
origine	query param	/hoteldruid/creaprezzi.php	XSS in origine parameter leading to script injection	CWE-79

17 Jun 2026 02:42Current

5.8Medium risk

Vulners AI Score5.8

CVSS 24.3

CVSS 36.1

EPSS0.1068

cve-2019-8937 hoteldruid xss creaprezzi.php tabella3.php personalizza.php visualizza_tabelle.php