Security for everyone

CVE-2019-8937 Scanner

Detects 'Cross-Site Scripting (XSS)' vulnerability in HotelDruid affects v. 2.3.0.

SCAN NOW

Short Info


Level

Medium

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Url

Parent Category

CVE-2019-8937 Scanner Detail

HotelDruid is a hotel management software that provides users with tools to manage bookings, reservations, check-in and check-out processes, billing, and more. This software is most commonly used by small and medium-sized hotels looking to streamline their operations and improve customer experience. With its intuitive interface and customizable options, HotelDruid makes it easy for hotel managers to keep track of their business and optimize their workflows.

Recently, a vulnerability known as CVE-2019-8937 has been discovered in HotelDruid version 2.3.0. This vulnerability affects several parameters including nsextt, cambia1, mese_fine, origine, and anno in four different PHP pages: creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php. The vulnerability allows an attacker to inject malicious code into these variables, which can then be executed by any unsuspecting user who uses the affected pages.

If this vulnerability is exploited, it can lead to a number of serious consequences for hotel owners using HotelDruid. For example, an attacker could use the injected code to steal sensitive customer information such as credit card details, social security numbers, and other personally identifiable information. They could also use the same code to disrupt the normal operation of the hotel's website, causing it to crash or malfunction. In addition, the attacker could gain unauthorized access to sensitive business data, including financial records, employee information, and other confidential information.

If you are concerned about vulnerabilities in your digital assets, the securityforeveryone.com platform can help. With its advanced pro features, you can quickly and easily check for vulnerabilities, generate detailed reports, and take action to prevent future attacks. Don't wait until it's too late- start protecting your digital assets today with securityforeveryone.com.

 

REFERENCES

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture