Published: 17/05/2019 Updated: 17/05/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
digitaldruid hoteldruid 2.3.0

Debian Bug report logs - #929136 hoteldruid: CVE-2019-8937 Package: src:hoteldruid; Maintainer for src:hoteldruid is Marco Maria Francesco De Santis <marco@digitaldruidnet>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 17 May 2019 20:51:02 UTC Severity: grave Tags: security, upstream Found in ve ...

=========================================================================================== # Exploit Title: Hoteldruid 23 - 'nsextt' XSS Injection # CVE: CVE-2019-8937 # Date: 18-02-2019 # Exploit Author: Mehmet EMIROGLU # Vendor Homepage: sourceforgenet/projects/hoteldruid/ # Software Link: sourceforgenet/projects/hoteldruid/ # ...

HotelDruid version 23 suffers from a cross site scripting vulnerability ...

CWE-79 https://www.exploit-db.com/exploits/46429/https://sourceforge.net/projects/hoteldruid/http://packetstormsecurity.com/files/151779/HotelDruid-2.3-Cross-Site-Scripting.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929136 https://nvd.nist.gov https://www.exploit-db.com/exploits/46429

CVE-2019-8937

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect