Lucene search

Veracode Vulnerability DatabaseVERACODE:44402

HistoryNov 28, 2023 - 2:10 a.m.

Cross-Site Scripting

2023-11-2802:10:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

hoteldruid

vulnerability

cross-site scripting

web page generation

remote attacker

arbitrary script

web browser

user

logging in

software

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.3%

JSON

hoteldruid is vulnerable to Cross-Site Scripting. The vulnerability is due to improper neutralization of input during web page generation. This allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.

CPENameOperatorVersion
hoteldruid:sideq3.0.1-1
hoteldruid:sideq3.0.1-1

CPE	Name	Operator	Version
	hoteldruid:sid	eq	3.0.1-1
	hoteldruid:sid	eq	3.0.1-1

References

jvn.jp/en/jp/JVN99177549/

security-tracker.debian.org/tracker/CVE-2023-47164

www.hoteldruid.com/

www.hoteldruid.com/en/download.html

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.3%

JSON

Related for VERACODE:44402