cvebase

Digitaldruid Hoteldruid vulnerabilities

30 known vulnerabilities affecting digitaldruid/hoteldruid.

Total CVEs: 30
CISA KEV: 0
Public exploits: 8
Exploited in wild: 0
Severity breakdown: CRITICAL 9, HIGH 6, MEDIUM 14, LOW 1

Vulnerabilities

Page 2 of 2
CVE-2023-47164 | P4 | MEDIUM | CVSS 6.1 | ≤ 3.0.5 | 2023-11-10
CWE-79: Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.
Source: nvd
CVE-2021-38559 | P4 | MEDIUM | CVSS 6.1 | v3.0.2 | 2021-08-26
CWE-79: DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter.
Sources: nvd, osv
CVE-2025-55816 | P4 | MEDIUM | CVSS 6.1 | ≤ 3.0.7 | 2025-12-11
CWE-79: HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting (XSS) in the /modifica_app.php file.
Source: nvd
CVE-2023-29839 | P4 | MEDIUM | CVSS 5.4 | v3.0.4 | 2023-05-03
CWE-79: A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function.
Source: nvd
CVE-2025-25747 | P4 | MEDIUM | CVSS 5.4 | v3.0.7 | 2025-03-11
CWE-79: Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristina_backup parameter in the crea_backup.php endpoint.
Source: nvd
CVE-2023-43378 | P4 | MEDIUM | CVSS 6.1 | v3.0.5 | 2025-04-22
CWE-79: A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento1_1 parameter.
Source: nvd
CVE-2019-9084 | P4 | MEDIUM | CVSS 4.9 | fixed in 2.3.1 | 2019-06-07
CWE-369: In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. It could allow an administrator to conduct remote denial of service (disrupting certain business functions
Sources: nvd, osv
CVE-2023-43377 | P4 | MEDIUM | CVSS 5.4 | v3.0.5 | 2023-09-20
CWE-89: A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.
Source: nvd
CVE-2023-43376 | P4 | MEDIUM | CVSS 5.4 | v3.0.5 | 2023-09-20
CWE-79: A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.
Source: nvd
CVE-2021-42948 | P4 | LOW | CVSS 3.7 | ≤ 3.0.3 | 2022-09-16
CWE-319: HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.
Sources: nvd, osv