Hotel Management Software
by HotelDruid
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-42949 | | Cri | 0.64 | 9.8 | 0.06 | | Sep 16, 2022 | The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks. |
| CVE-2022-26564 | | Med | 0.40 | 6.1 | 0.03 | | Apr 26, 2022 | HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php. |
| CVE-2021-42948 | | Low | 0.24 | 3.7 | 0.01 | | Sep 16, 2022 | HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's. |