CVE-2025-25749

High CVSS: 7.1

An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies.

Vendor

Product

CWE

Yayın Tarihi

2025-03-11 18:15:32

Güncelleme

2025-04-07 14:06:58

Source Identifier

cve@mitre.org

KEV Date Added

CWE-521 Hoteldruid HIGH Digitaldruid 2025

https://www.huyvo.net/post/cve-2025-25749-weak-password-policy-in-hoteldruid-3-0-7

Medium

CVE-2025-55816

HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting (XSS) in the /modifica_app.php file.

High

CVE-2025-44203

In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create…

Medium

CVE-2023-43378

A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTM…

High

CVE-2025-25748

A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized ac…

Medium

CVE-2025-25747

Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and o…