Unknown · Hoteldruid Hotel Management · CVE-2022-26564
**Name of the Vulnerable Software and Affected Versions**
HotelDruid Hotel Management Software version 3.0.3
**Description**
HotelDruid 3.0.3 contains a cross-site scripting (XSS) vulnerability that is reachable via the `prezzoperiodo4` parameter in the `creaprezzi.php` file.
**Recommendations**
For HotelDruid Hotel Management Software version 3.0.3, consider restricting access to the `creaprezzi.php` file until a patch is available. As a temporary workaround, avoid using the `prezzoperiodo4` parameter in requests to that file until the issue is resolved.
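
One way to apply both recommendations at the web server, as an added example that is not part of the original advisory or of HotelDruid's own configuration. It assumes Apache 2.4, ModSecurity 2.x for the second part, a placeholder administrative network of 192.0.2.0/24, a locally chosen rule id, and that `prezzoperiodo4` only ever needs to carry a plain number.

```apache
# Added example: interim hardening for creaprezzi.php (CVE-2022-26564).
# Place inside the virtual host that serves HotelDruid.

# 1) Restrict access to the affected file until a patch is available.
#    192.0.2.0/24 is a placeholder; replace it with the network that
#    legitimately manages prices.
<Files "creaprezzi.php">
    Require ip 192.0.2.0/24
</Files>

# 2) Virtual patch: reject requests to creaprezzi.php whose prezzoperiodo4
#    value is not empty or a plain number (assumption: the field holds a
#    price such as 80 or 80,50). Needs SecRuleEngine On and
#    SecRequestBodyAccess On so that POST bodies are inspected in phase 2.
<IfModule security2_module>
    # id 10001 is a constructed value from the local-use range; pick one
    # that is free in your rule set.
    SecRule REQUEST_FILENAME "@endsWith /creaprezzi.php" \
        "id:10001,phase:2,deny,status:403,log,\
        msg:'Non-numeric prezzoperiodo4 sent to creaprezzi.php',\
        chain"
        SecRule ARGS:prezzoperiodo4 "!@rx ^[0-9]*([.,][0-9]+)?$"
</IfModule>
```

Blocked requests appear in the ModSecurity audit log under the rule id, which also gives a record of any attempts against the parameter while the workaround is in place.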