HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.
References
Link | Resource |
---|---|
https://www.exploit-db.com/exploits/46429/ | Exploit Third Party Advisory VDB Entry |
https://sourceforge.net/projects/hoteldruid/ | Product Release Notes Third Party Advisory |
http://packetstormsecurity.com/files/151779/HotelDruid-2.3-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
Configurations
Information
Published : 2019-05-17 08:29
Updated : 2019-05-17 10:44
NVD link : CVE-2019-8937
Mitre link : CVE-2019-8937
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
digitaldruid
- hoteldruid