Hoteldruid@3.0.5 Security Vulnerabilities and Issues — Hoteldruid@3.0.5 CVE List

Lucene search

DigitaldruidHoteldruid3.0.5

9 matches found

CVE•added 2023/06/13 9:15 p.m.•130 views

CVE-2023-33817

hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability.

8.8CVSS9AI score0.12001EPSS

CVE•added 2025/04/22 6:15 p.m.•73 views

CVE-2023-43378

A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento1_1 parameter.

6.1CVSS5.9AI score0.00051EPSS

CVE•added 2023/09/20 7:15 p.m.•52 views

CVE-2023-43373

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php.

9.8CVSS9.8AI score0.19626EPSS

CVE•added 2023/09/20 7:15 p.m.•45 views

CVE-2023-43376

A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.

5.4CVSS5.2AI score0.00084EPSS

CVE•added 2023/06/13 9:15 p.m.•44 views

CVE-2023-34537

A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.

5.4CVSS5.1AI score0.07489EPSS

CVE•added 2023/09/20 7:15 p.m.•43 views

CVE-2023-43377

A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.

5.4CVSS5.2AI score0.00084EPSS

CVE•added 2023/09/20 7:15 p.m.•41 views

CVE-2023-43374

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.

9.8CVSS9.8AI score0.19626EPSS

CVE•added 2023/09/20 7:15 p.m.•39 views

CVE-2023-43371

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.

9.8CVSS9.8AI score0.00296EPSS

CVE•added 2023/09/20 7:15 p.m.•34 views

CVE-2023-43375

Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters.

9.8CVSS10AI score0.00066EPSS