CVE-2023-34537

MEDIUM NUCLEI

HotelDruid 3.0.5 - Reflected Cross-Site Scripting

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-34537. PoCs published by leekenghwa. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository documents a reflected XSS vulnerability in HotelDruid v3.0.5, affecting parameters in creaprezzi.php and crearegole.php. The writeup includes payload examples and steps to reproduce the issue.

Description

A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.

Exploits (1)

nomisec WRITEUP
by leekenghwa · poc
https://github.com/leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5

This repository documents a reflected XSS vulnerability in HotelDruid v3.0.5, affecting parameters in creaprezzi.php and crearegole.php. The writeup includes payload examples and steps to reproduce the issue.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: HotelDruid v3.0.5
Auth required
Prerequisites: Authenticated access to the application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Hoteldruid 3.0.5 - Cross-Site Scripting
MEDIUMVERIFIEDby Harsh
Shodan: http.title:"hoteldruid" || http.favicon.hash:-1521640213
FOFA: title="hoteldruid" || icon_hash=-1521640213

References (1)

Core 1

Scores

CVSS v3 5.4
EPSS 0.0145
EPSS Percentile 69.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
digitaldruid/hoteldruid 3.0.5
Published Jun 13, 2023
Tracked Since Feb 18, 2026