A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.
References
| Link | Resource |
|---|---|
| https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-destinatario_email1-post-parameter-0ac6596d5b534dd1b2a49987ad065d1c?pvs=4 | Exploit Third Party Advisory |
Configurations
History
25 Sep 2024, 01:36
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-79 |
21 Sep 2023, 18:35
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
| CPE | cpe:2.3:a:digitaldruid:hoteldruid:3.0.5:*:*:*:*:*:*:* | |
| First Time |
Digitaldruid
Digitaldruid hoteldruid |
|
| References | (MISC) https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-destinatario_email1-post-parameter-0ac6596d5b534dd1b2a49987ad065d1c?pvs=4 - Exploit, Third Party Advisory | |
| CWE | CWE-89 |
20 Sep 2023, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-09-20 19:15
Updated : 2024-09-25 01:36
NVD link : CVE-2023-43377
Mitre link : CVE-2023-43377
CVE.ORG link : CVE-2023-43377
JSON object : View
Products Affected
digitaldruid
- hoteldruid