CVE-2025-55816

Medium CVSS: 6.1

HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting (XSS) in the /modifica_app.php file.

Vendor

Product

CWE

Yayın Tarihi

2025-12-11 21:15:50

Güncelleme

2025-12-15 18:35:37

Source Identifier

cve@mitre.org

KEV Date Added

CWE-79 Hoteldruid MEDIUM Digitaldruid 2025

https://www.hoteldruid.com/en/ https://www.partywave.site/show/research/cve-2025-55816-xss-and-raptx

High

CVE-2025-44203

In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create…

Medium

CVE-2023-43378

A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTM…

High

CVE-2025-25748

A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized ac…

High

CVE-2025-25749

An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of pa…

Medium

CVE-2025-25747

Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and o…