CVE-2023-34537

MEDIUM NUCLEI

Digitaldruid Hoteldruid - XSS

Title source: rule

Description

A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.

Exploits (1)

nomisec WRITEUP

by leekenghwa · poc

https://github.com/leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5

View Code ZIP pw:eip

Nuclei Templates (1)

Hoteldruid 3.0.5 - Cross-Site Scripting

MEDIUMVERIFIEDby Harsh

Shodan: http.title:"hoteldruid" || http.favicon.hash:-1521640213

FOFA: title="hoteldruid" || icon_hash=-1521640213

References (1)

[Exploit, Third Party Advisory] https://github.com/leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5

Scores

CVSS v3 5.4

EPSS 0.1583

EPSS Percentile 94.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

digitaldruid/hoteldruid 3.0.5

Published Jun 13, 2023

Tracked Since Feb 18, 2026