Vulnerabilities > Digitaldruid > Hoteldruid > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-10 | CVE-2023-47164 | Cross-site Scripting vulnerability in Digitaldruid Hoteldruid Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. | 6.1 |
| 2023-09-20 | CVE-2023-43376 | Cross-site Scripting vulnerability in Digitaldruid Hoteldruid 3.0.5 A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter. | 5.4 |
| 2023-09-20 | CVE-2023-43377 | SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5 A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter. | 5.4 |
| 2023-06-13 | CVE-2023-34537 | Cross-site Scripting vulnerability in Digitaldruid Hoteldruid 3.0.5 A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data. | 5.4 |
| 2022-04-26 | CVE-2022-26564 | Cross-site Scripting vulnerability in Digitaldruid Hoteldruid 3.0.3 HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php. | 4.3 |
| 2022-03-03 | CVE-2022-22909 | Code Injection vulnerability in Digitaldruid Hoteldruid 3.0.3 HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module. | 6.5 |
| 2021-08-26 | CVE-2021-38559 | Cross-site Scripting vulnerability in Digitaldruid Hoteldruid 3.0.2 DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter. | 4.3 |
| 2021-08-03 | CVE-2021-37833 | Cross-site Scripting vulnerability in Digitaldruid Hoteldruid 3.0.2 A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands. | 4.3 |
| 2019-06-24 | CVE-2019-9085 | Improper Input Validation vulnerability in Digitaldruid Hoteldruid Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service (invoice-creation outage) via the n_file parameter to visualizza_contratto.php with invalid arguments (any non-numeric value), as demonstrated by the anno=2019&id_transazione=1&numero_contratto=1&n_file=a query string to visualizza_contratto.php. | 4.0 |
| 2019-06-07 | CVE-2019-9084 | Divide By Zero vulnerability in Digitaldruid Hoteldruid In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. | 4.0 |