Skip to content

jichngan/CVE-2023-29839

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

CVE-2023-29839 Hotel Druid 3.0.4 Stored Cross Site Scripting Vulnerability

CMS Link: https://www.hoteldruid.com/

Version Affected: 3.0.4

Severity & CVSS: TODO: Update when NVD reviews CVSS

A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages in Version 3.0.4 of the Hotel Druid application that allows for arbitrary execution of commands.

Vulnerable Fields: Surname, Name, Nickname in the "Document" function

Affected Links: /visualizza_contratto.php

Triggering the payload: Visit the Example document preview function

Remediation: Update to HotelDruid version 3.0.5

Steps to Reproduce:

  1. Enter a XSS payload into a client's name. This can be done during room reservation or a brand new registration of a client. The payload used is <script>alert(document.domain)</script>

client_payload

  1. Navigate to "Clients" tab and select the client with the XSS payload by clicking on the "N" column
  2. In this page, there are 2 ways to trigger the stored XSS payload. The first is by viewing the Example document in the top right hand corner of the page

Screenshot 2023-03-10 at 2 08 13 PM

Screenshot 2023-03-10 at 2 08 49 PM

  1. The second way to trigger the XSS payload is to navigate to the bottom of the page where you can modify the client's data
  2. Once again, select the Example document and click on "View"

Screenshot 2023-03-10 at 2 10 13 PM

Screenshot 2023-03-10 at 2 08 49 PM

  1. There are also other methods to trigger the XSS payload. By navigating to "Reservations" and modifying the client's reservation

Screenshot 2023-03-10 at 2 17 48 PM

  1. Scroll to the bottom of the page and once again select the Example document and click on "View"

Screenshot 2023-03-10 at 2 18 12 PM

Screenshot 2023-03-10 at 2 08 49 PM

About

Hotel Druid 3.0.4 Stored Cross Site Scripting Vulnerability

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published