CVE-2022-26564

MEDIUM NUCLEI

HotelDruid Hotel Management Software <3.0.3 - XSS

Title source: llm

Description

HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.

Nuclei Templates (1)

HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting
MEDIUMby alexrydzak
Shodan: http.favicon.hash:-1521640213 || http.title:"hoteldruid"
FOFA: title="hoteldruid" || icon_hash=-1521640213

References (2)

Scores

CVSS v3 6.1
EPSS 0.0055
EPSS Percentile 67.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
digitaldruid/hoteldruid 3.0.3
Published Apr 26, 2022
Tracked Since Feb 18, 2026