CVE-2023-34537

A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.
Configurations

Configuration 1 (hide)

cpe:2.3:a:digitaldruid:hoteldruid:3.0.5:*:*:*:*:*:*:*

History

21 Nov 2024, 08:07

Type Values Removed Values Added
References () https://github.com/leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5 - Exploit, Third Party Advisory () https://github.com/leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5 - Exploit, Third Party Advisory

20 Jun 2023, 17:07

Type Values Removed Values Added
CPE cpe:2.3:a:digitaldruid:hoteldruid:3.0.5:*:*:*:*:*:*:*
References (MISC) https://github.com/leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5 - (MISC) https://github.com/leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5 - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
CWE CWE-79
First Time Digitaldruid
Digitaldruid hoteldruid

13 Jun 2023, 21:27

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-13 21:15

Updated : 2024-11-21 08:07


NVD link : CVE-2023-34537

Mitre link : CVE-2023-34537

CVE.ORG link : CVE-2023-34537


JSON object : View

Products Affected

digitaldruid

  • hoteldruid
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')