VYPR

Hotel Management Software

by HotelDruid

CVEs (3)

  • CVE-2021-42949 | Cri | Sep 16, 2022
    risk 0.64 | cvss 9.8 | epss 0.06

    The controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via brute-force attacks.

  • CVE-2022-26564 | Med | Apr 26, 2022
    risk 0.40 | cvss 6.1 | epss 0.03

    HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.

  • CVE-2021-42948 | Low | Sep 16, 2022
    risk 0.24 | cvss 3.7 | epss 0.01

    HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session IDs.