Hoteldruid Security Vulnerabilities and Issues — Hoteldruid CVE List

Lucene search

DigitaldruidHoteldruid

6 matches found

CVE•added 2023/09/20 7:15 p.m.•52 views

CVE-2023-43373

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php.

9.8CVSS9.8AI score0.19626EPSS

CVE•added 2023/09/20 7:15 p.m.•45 views

CVE-2023-43376

A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.

5.4CVSS5.2AI score0.00084EPSS

CVE•added 2023/09/20 7:15 p.m.•43 views

CVE-2023-43377

A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.

5.4CVSS5.2AI score0.00084EPSS

CVE•added 2023/09/20 7:15 p.m.•41 views

CVE-2023-43374

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.

9.8CVSS9.8AI score0.19626EPSS

CVE•added 2023/09/20 7:15 p.m.•39 views

CVE-2023-43371

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.

9.8CVSS9.8AI score0.00296EPSS

CVE•added 2023/09/20 7:15 p.m.•34 views

CVE-2023-43375

Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters.

9.8CVSS10AI score0.00066EPSS