Vulnerabilities > Digitaldruid > Hoteldruid > 3.0.3

DATE CVE VULNERABILITY TITLE RISK
2023-11-10 CVE-2023-47164 Cross-site Scripting vulnerability in Digitaldruid Hoteldruid
Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.
network
low complexity
digitaldruid CWE-79
6.1
6.1
2022-09-16 CVE-2021-42948 Cleartext Transmission of Sensitive Information vulnerability in Digitaldruid Hoteldruid
HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.
network
high complexity
digitaldruid CWE-319
3.7
3.7
2022-09-16 CVE-2021-42949 Improper Authentication vulnerability in Digitaldruid Hoteldruid 3.0.3
The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks.
network
low complexity
digitaldruid CWE-287
critical
 9.8
9.8
2022-04-26 CVE-2022-26564 Cross-site Scripting vulnerability in Digitaldruid Hoteldruid 3.0.3
HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.
network
low complexity
digitaldruid CWE-79
6.1
6.1
2022-03-03 CVE-2022-22909 Code Injection vulnerability in Digitaldruid Hoteldruid 3.0.3
HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module.
network
low complexity
digitaldruid CWE-94
8.8
8.8