CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
75.9%
HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine,
and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and
visualizza_tabelle.php.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | hoteldruid | < any | UNKNOWN |
ubuntu | 19.10 | noarch | hoteldruid | < 2.3.2-1 | UNKNOWN |
ubuntu | 20.04 | noarch | hoteldruid | < 2.3.2-1 | UNKNOWN |
ubuntu | 20.10 | noarch | hoteldruid | < 2.3.2-1 | UNKNOWN |
ubuntu | 21.04 | noarch | hoteldruid | < 2.3.2-1 | UNKNOWN |
ubuntu | 21.10 | noarch | hoteldruid | < 2.3.2-1 | UNKNOWN |
ubuntu | 22.04 | noarch | hoteldruid | < 2.3.2-1 | UNKNOWN |
ubuntu | 22.10 | noarch | hoteldruid | < 2.3.2-1 | UNKNOWN |
ubuntu | 23.04 | noarch | hoteldruid | < 2.3.2-1 | UNKNOWN |
ubuntu | 23.10 | noarch | hoteldruid | < 2.3.2-1 | UNKNOWN |
packetstormsecurity.com/files/151779/HotelDruid-2.3-Cross-Site-Scripting.html
launchpad.net/bugs/cve/CVE-2019-8937
nvd.nist.gov/vuln/detail/CVE-2019-8937
security-tracker.debian.org/tracker/CVE-2019-8937
sourceforge.net/projects/hoteldruid/
www.cve.org/CVERecord?id=CVE-2019-8937
www.exploit-db.com/exploits/46429/
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
75.9%