CVE-2023-29839
MEDIUMHotelDruid 3.0.4 - Stored Cross-Site Scripting via Document Surname Name or Nickname Fields
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2023-29839. PoCs published by jichngan.
AI-analyzed exploit summary This repository contains a detailed writeup for CVE-2023-29839, a stored XSS vulnerability in Hotel Druid 3.0.4. It describes how arbitrary JavaScript can be executed via the Surname, Name, or Nickname fields in the 'Document' function, triggered by viewing an 'Example' document.
Description
A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function.
Exploits (1)
This repository contains a detailed writeup for CVE-2023-29839, a stored XSS vulnerability in Hotel Druid 3.0.4. It describes how arbitrary JavaScript can be executed via the Surname, Name, or Nickname fields in the 'Document' function, triggered by viewing an 'Example' document.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N