CVE-2023-43377

Name of the Vulnerable Software and Affected Versions Hoteldruid version 3.0.5

Description A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza contratto.php allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario email1 parameter. This issue enables attackers to potentially manipulate web content, posing a risk to users interacting with the affected system.

Recommendations For Hoteldruid version 3.0.5, consider disabling access to the /hoteldruid/visualizza contratto.php endpoint until a patch is available, and restrict the use of the destinatario email1 parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.