Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Digitaldruid Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-47164 1 Digitaldruid 1 Hoteldruid 2023-11-16 N/A 6.1 MEDIUM
Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.
CVE-2022-26564 1 Digitaldruid 1 Hoteldruid 2022-05-04 4.3 MEDIUM 6.1 MEDIUM
HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.
CVE-2021-38559 1 Digitaldruid 1 Hoteldruid 2021-08-27 4.3 MEDIUM 6.1 MEDIUM
DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter.
CVE-2021-37833 1 Digitaldruid 1 Hoteldruid 2021-08-11 4.3 MEDIUM 6.1 MEDIUM
A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands.
CVE-2019-9084 1 Digitaldruid 1 Hoteldruid 2019-07-01 4.0 MEDIUM 4.9 MEDIUM
In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. It could allow an administrator to conduct remote denial of service (disrupting certain business functions of the product).
CVE-2019-9085 1 Digitaldruid 1 Hoteldruid 2019-06-27 4.0 MEDIUM 6.5 MEDIUM
Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service (invoice-creation outage) via the n_file parameter to visualizza_contratto.php with invalid arguments (any non-numeric value), as demonstrated by the anno=2019&id_transazione=1&numero_contratto=1&n_file=a query string to visualizza_contratto.php.
CVE-2019-8937 1 Digitaldruid 1 Hoteldruid 2019-05-17 4.3 MEDIUM 6.1 MEDIUM
HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.