PT-2019-19270 · Digitaldruid · Hoteldruid
Mehmet Emiroglu · Published 2019-05-17 · Updated 2019-05-17 · CVE-2019-8937
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
HotelDruid version 2.3.0
Description
The issue affects the nsextt, cambia1, mese_fine, origine, and anno parameters in several PHP files, including creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php, allowing for XSS exploitation.
Recommendations
For HotelDruid version 2.3.0, consider restricting access to the affected PHP files until a patch is available. As a temporary workaround, avoid using the nsextt, cambia1, mese_fine, origine, and anno parameters in the affected API endpoints until the issue is resolved.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Hoteldruid