hoteldruid is vulnerable to cross site scripting. The vulnerability exists due to a lack of sanitization allowing an attacker to inject maliciously crafted script via the prezzoperiodo4 parameter in creaprezzi.php.
CPE | Name | Operator | Version |
---|---|---|---|
hoteldruid:sid | eq | 3.0.1-1 | |
hoteldruid:sid | eq | 3.0.1-1 |