Hoteldruid Security Vulnerabilities and Issues — Hoteldruid CVE List

Lucene search

DigitaldruidHoteldruid

5 matches found

CVE•added 2025/03/11 4:15 p.m.•54 views

CVE-2025-25747

Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristina_backup parameter in the crea_backup.php endpoint

5.4CVSS7AI score0.00073EPSS

CVE•added 2023/09/20 7:15 p.m.•45 views

CVE-2023-43376

A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.

5.4CVSS5.2AI score0.00084EPSS

CVE•added 2023/06/13 9:15 p.m.•44 views

CVE-2023-34537

A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.

5.4CVSS5.1AI score0.12787EPSS

CVE•added 2023/05/03 3:15 a.m.•43 views

CVE-2023-29839

A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function.

5.4CVSS5.4AI score0.00283EPSS

CVE•added 2023/09/20 7:15 p.m.•43 views

CVE-2023-43377

A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.

5.4CVSS5.2AI score0.00084EPSS