Jichngan

**Name of the Vulnerable Software and Affected Versions** Hotel Druid version 3.0.4 **Description** A Stored Cross Site Scripting (XSS) issue exists in multiple pages, allowing arbitrary execution of commands. The vulnerable fields are `Surname`, `Name`, and `Nickname` in the `Document` function. **Recommendations** For Hotel Druid version 3.0.4, consider disabling the `Document` function or restricting input for the `Surname`, `Name`, and `Nickname` fields until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.