CVE-2025-25747

Medium CVSS: 5.4

Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristina_backup parameter in the crea_backup.php endpoint

Vendor

Digitaldruid

Product

Hoteldruid

CWE

CWE-79

Yayın Tarihi

2025-03-11 16:15:17

Güncelleme

2025-05-28 14:47:52

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Hoteldruid MEDIUM Digitaldruid 2025

Referanslar

https://cwe.mitre.org/data/definitions/79.html https://www.huyvo.net/post/cve-2025-25747-reflected-xss-vulnerability-in-hoteldruid-3-0-7 https://www.huyvo.net/post/cve-2025-25747-reflected-xss-vulnerability-in-hoteldruid-3-0-7

Benzer Kayıtlar

Medium

CVE-2025-55816

HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting (XSS) in the /modifica_app.php file.

High

CVE-2025-44203

In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create…

Medium

CVE-2023-43378

A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTM…

High

CVE-2025-25748

A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized ac…

High

CVE-2025-25749

An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of pa…