Veracode Vulnerability Database, VERACODE:44394
History: Nov 28, 2023 - 12:17 a.m.

Cross-Site Scripting (XSS)

2023-11-28 00:17:22
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
3
hoteldruid
cross-site scripting
vulnerability
user inputs
malicious scripts
application
validation
sanitization

CVSS3: 5.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score: 7.1 High (Confidence: High)

EPSS: 0.0004 Low (Percentile: 14.0%)

hoteldruid is vulnerable to Cross-Site Scripting. The vulnerability is due to insufficient validation or sanitization of user input in the destinatario_email1 POST parameter. This allows attackers to inject and execute malicious scripts within the application.
