3.0.2

DATE	CVE	VULNERABILITY TITLE	RISK
2023-11-10	CVE-2023-47164	Cross-site Scripting vulnerability in Digitaldruid Hoteldruid Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. network low complexity digitaldruid CWE-79	6.1
2022-09-16	CVE-2021-42948	Cleartext Transmission of Sensitive Information vulnerability in Digitaldruid Hoteldruid HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's. network high complexity digitaldruid CWE-319	3.7
2021-08-26	CVE-2021-38559	Cross-site Scripting vulnerability in Digitaldruid Hoteldruid 3.0.2 DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter. network low complexity digitaldruid CWE-79	6.1
2021-08-03	CVE-2021-37832	SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.2 A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. network low complexity digitaldruid CWE-89 critical	9.8
2021-08-03	CVE-2021-37833	Cross-site Scripting vulnerability in Digitaldruid Hoteldruid 3.0.2 A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands. network low complexity digitaldruid CWE-79	6.1