5 matches found
DEBIAN-CVE-2023-43377
A cross-site scripting XSS vulnerability in /hoteldruid/visualizzacontratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatarioemail1 parameter...
UBUNTU-CVE-2023-43377
A cross-site scripting XSS vulnerability in /hoteldruid/visualizzacontratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatarioemail1 parameter...
HotelDruid SQL Injection Vulnerability
HotelDruid is a hotel management system by the Digitaldruid.net team. The system includes features such as room management, financial management and inventory management. A security vulnerability exists in HotelDruid version v3.0.5, which originates from a cross-site scripting XSS vulnerability i...
PT-2023-28814 · Unknown +1 · Hoteldruid +1
Name of the Vulnerable Software and Affected Versions: Hoteldruid version 3.0.5 Description: A cross-site scripting XSS vulnerability in /hoteldruid/visualizza contratto.php allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario email1...
CVE-2019-9085
Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service invoice-creation outage via the nfile parameter to visualizzacontratto.php with invalid arguments any non-numeric value, as demonstrated by the anno=2019&idtransazione=1&numerocontratto=1&nfile=a query string ...