PT-2019-19270 · Digitaldruid · Hoteldruid
Mehmet Emiroglu · Published 2019-05-17 · Updated 2019-05-17
CVE-2019-8937
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
HotelDruid version 2.3.0
Description
The issue affects the nsextt, cambia1, mese_fine, origine, and anno parameters in several PHP files, including creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php, allowing for XSS exploitation.
Recommendations
For HotelDruid version 2.3.0, consider restricting access to the affected PHP files until a patch is available. As a temporary workaround, avoid using the nsextt, cambia1, mese_fine, origine, and anno parameters in the affected API endpoints until the issue is resolved.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Hoteldruid