CVE-2019-8937 Scanner
CVE-2019-8937 scanner - Cross-Site Scripting (XSS) vulnerability in HotelDruid
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 1 day
Scan only one
URL
Toolbox
-
HotelDruid is a hotel management software that provides users with tools to manage bookings, reservations, check-in and check-out processes, billing, and more. This software is most commonly used by small and medium-sized hotels looking to streamline their operations and improve customer experience. With its intuitive interface and customizable options, HotelDruid makes it easy for hotel managers to keep track of their business and optimize their workflows.
Recently, a vulnerability known as CVE-2019-8937 has been discovered in HotelDruid version 2.3.0. This vulnerability affects several parameters including nsextt, cambia1, mese_fine, origine, and anno in four different PHP pages: creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php. The vulnerability allows an attacker to inject malicious code into these variables, which can then be executed by any unsuspecting user who uses the affected pages.
If this vulnerability is exploited, it can lead to a number of serious consequences for hotel owners using HotelDruid. For example, an attacker could use the injected code to steal sensitive customer information such as credit card details, social security numbers, and other personally identifiable information. They could also use the same code to disrupt the normal operation of the hotel's website, causing it to crash or malfunction. In addition, the attacker could gain unauthorized access to sensitive business data, including financial records, employee information, and other confidential information.
If you are concerned about vulnerabilities in your digital assets, the s4e.io platform can help. With its advanced pro features, you can quickly and easily check for vulnerabilities, generate detailed reports, and take action to prevent future attacks. Don't wait until it's too late- start protecting your digital assets today with s4e.io.
REFERENCES
