Vulnerabilities > Digitaldruid > Hoteldruid > 3.0.5

DATE CVE VULNERABILITY TITLE RISK
2023-11-10 CVE-2023-47164 Cross-site Scripting vulnerability in Digitaldruid Hoteldruid
Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.
network
low complexity
digitaldruid CWE-79
6.1
6.1
2023-09-20 CVE-2023-43371 SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.
network
low complexity
digitaldruid CWE-89
critical
 9.8
9.8
2023-09-20 CVE-2023-43373 SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php.
network
low complexity
digitaldruid CWE-89
critical
 9.8
9.8
2023-09-20 CVE-2023-43374 SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.
network
low complexity
digitaldruid CWE-89
critical
 9.8
9.8
2023-09-20 CVE-2023-43375 SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5
Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters.
network
low complexity
digitaldruid CWE-89
critical
 9.8
9.8
2023-09-20 CVE-2023-43376 Cross-site Scripting vulnerability in Digitaldruid Hoteldruid 3.0.5
A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.
network
low complexity
digitaldruid CWE-79
5.4
5.4
2023-09-20 CVE-2023-43377 SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5
A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.
network
low complexity
digitaldruid CWE-89
5.4
5.4
2023-06-13 CVE-2023-33817 SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5
hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability.
network
low complexity
digitaldruid CWE-89
8.8
8.8
2023-06-13 CVE-2023-34537 Cross-site Scripting vulnerability in Digitaldruid Hoteldruid 3.0.5
A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.
network
low complexity
digitaldruid CWE-79
5.4
5.4