CVE-2022-26564
Published 2022-04-26
CVE-2022-26564: HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.
Priority P337 · medium · 6.1 · CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EXPLOIT
EPSS: 2.71% (84.1th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | hoteldruid | < hoteldruid 3.0.4-1 (bookworm) | hoteldruid 3.0.4-1 (bookworm) |
| digitaldruid | hoteldruid | — | — |
| digitaldruid | hoteldruid | >= 0 < 3.0.4-1 | 3.0.4-1 |
CVSS provenance
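| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 6.1 | MEDIUM | — |
| vendor_debian | — | 6.1 | MEDIUM | — |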
GHSA
GHSA-5m39-hcqr-g6xh: HotelDruid Hotel Management Software v3
ghsa_unreviewed·2022-04-28
CVE-2022-26564 [MEDIUM] CWE-79 GHSA-5m39-hcqr-g6xh: HotelDruid Hotel Management Software v3
HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.
OSV
CVE-2022-26564: HotelDruid Hotel Management Software v3
osv·2022-04-26·CVSS 6.1
CVE-2022-26564 [MEDIUM] CVE-2022-26564: HotelDruid Hotel Management Software v3
HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.
Debian
CVE-2022-26564: hoteldruid - HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS...
vendor_debian·2022·CVSS 6.1
CVE-2022-26564 [MEDIUM] CVE-2022-26564: hoteldruid - HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS...
HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.
Scope: local
bookworm: resolved (fixed in 3.0.4-1)
bullseye: open
sid: resolved (fixed in 3.0.4-1)
No detection rules found.
Nuclei
HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2022-26564 [MEDIUM] HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting
HotelDruid Hotel Management Software 3.0.3 contains a cross-site scripting vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.
Template:
```yaml
id: CVE-2022-26564

info:
  name: HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting
  author: alexrydzak
  severity: medium
  description: |
    HotelDruid Hotel Management Software 3.0.3 contains a cross-site scripting vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the context of a victim's browser, leading to potential data theft, session hijacking, or defacement of the affected website.
  remediation: |
    Upgrade to the latest version to miti
```
Published: 2022-04-26