Lucene search

Japan Vulnerability NotesJVN:99177549

HistoryNov 10, 2023 - 12:00 a.m.

JVN#99177549: HOTELDRUID vulnerable to cross-site scripting

2023-11-1000:00:00

Japan Vulnerability Notes

jvn.jp

hoteldruid

digitaldruid.net

cross-site scripting

cwe-79

software update

web browser

version 3.0.5

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.3%

JSON

HOTELDRUID provided by DigitalDruid.Net contains a cross-site scripting vulnerability (CWE-79).

Impact

An arbitrary script may be executed on the web browser of the user who is logging in to the product.

Solution

Update the software
Update the software according to the information provided by the developer.

Products Affected

HOTELDRUID version 3.0.5 and earlier

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.3%

JSON

Related for JVN:99177549