PT-2023-30339 · Unknown+1 · Hoteldruid+1

Tomoro Taniguchi

Published

2023-11-10

Updated

2023-11-16

CVE-2023-47164

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions HOTELDRUID versions 3.0.5 and earlier

Description A cross-site scripting issue allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. This enables the attacker to perform actions as the victim user.

Recommendations For HOTELDRUID versions 3.0.5 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-47164

Affected Products

Debian

Hoteldruid

PT-2023-30339 · Unknown+1 · Hoteldruid+1

CVE-2023-47164

Weakness Enumeration

Related Identifiers

Affected Products

References · 12