Vulnerabilities > Digitaldruid > Hoteldruid > 3.0.2

DATE CVE VULNERABILITY TITLE RISK
2023-11-10 CVE-2023-47164 Cross-site Scripting vulnerability in Digitaldruid Hoteldruid
Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.
network
low complexity
digitaldruid CWE-79
6.1
6.1
2021-08-26 CVE-2021-38559 Cross-site Scripting vulnerability in Digitaldruid Hoteldruid 3.0.2
DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter. 		4.3
4.3
2021-08-03 CVE-2021-37832 SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.2
A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database.
network
low complexity
digitaldruid CWE-89
7.5
7.5
2021-08-03 CVE-2021-37833 Cross-site Scripting vulnerability in Digitaldruid Hoteldruid 3.0.2
A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands. 		4.3
4.3