VYPR

HotelDruid

by HotelDruid

CVEs (25)

  • CVE-2023-43376MedSep 20, 2023
    risk 0.35cvss 5.4epss 0.00

    A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.

  • CVE-2023-34537MedJun 13, 2023
    risk 0.35cvss 5.4epss 0.01

    A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.

  • CVE-2023-29839MedMay 3, 2023
    risk 0.35cvss 5.4epss 0.01

    A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function.

  • CVE-2019-9084MedJun 7, 2019
    risk 0.32cvss 4.9epss 0.02

    In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. It could allow an administrator…

  • CVE-2025-55816Dec 11, 2025
    risk 0.00cvss epss 0.00

    HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting (XSS) in the /modifica_app.php file.

Page 2 of 2