A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function.
References
Link | Resource |
---|---|
https://github.com/jichngan/CVE-2023-29839 | Exploit |
https://github.com/jichngan/CVE-2023-29839 | Exploit |
Configurations
History
21 Nov 2024, 07:57
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/jichngan/CVE-2023-29839 - Exploit |
Information
Published : 2023-05-03 03:15
Updated : 2024-11-21 07:57
NVD link : CVE-2023-29839
Mitre link : CVE-2023-29839
CVE.ORG link : CVE-2023-29839
JSON object : View
Products Affected
digitaldruid
- hotel_druid
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')