CVE-2019-8937

HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.
References
Link Resource
https://www.exploit-db.com/exploits/46429/ Exploit Third Party Advisory VDB Entry
https://sourceforge.net/projects/hoteldruid/ Product Release Notes Third Party Advisory
http://packetstormsecurity.com/files/151779/HotelDruid-2.3-Cross-Site-Scripting.html Exploit Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:digitaldruid:hoteldruid:2.3.0:*:*:*:*:*:*:*

Information

Published : 2019-05-17 08:29

Updated : 2019-05-17 10:44


NVD link : CVE-2019-8937

Mitre link : CVE-2019-8937


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

digitaldruid

  • hoteldruid