{"url":"http://public2.vulnerablecode.io/api/packages/195989?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.1-1","type":"deb","namespace":"debian","name":"hoteldruid","version":"3.0.1-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.0.8-1","latest_non_vulnerable_version":"3.0.8-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72488?format=json","vulnerability_id":"VCID-1jeq-dmk3-mbhy","summary":"hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33817","reference_id":"","reference_type":"","scores":[{"value":"0.12103","scoring_system":"epss","scoring_elements":"0.93941","published_at":"2026-06-06T12:55:00Z"},{"value":"0.12103","scoring_system":"epss","scoring_elements":"0.93942","published_at":"2026-06-07T12:55:00Z"},{"value":"0.12103","scoring_system":"epss","scoring_elements":"0.9394","published_at":"2026-06-08T12:55:00Z"},{"value":"0.12103","scoring_system":"epss","scoring_elements":"0.93946","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33817"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33817","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33817"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038251","reference_id":"1038251","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038251"},{"reference_url":"https://github.com/leekenghwa/CVE-2023-33817---SQL-Injection-found-in-HotelDruid-3.0.5","reference_id":"CVE-2023-33817---SQL-Injection-found-in-HotelDruid-3.0.5","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T02:20:24Z/"}],"url":"https://github.com/leekenghwa/CVE-2023-33817---SQL-Injection-found-in-HotelDruid-3.0.5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195991?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1"}],"aliases":["CVE-2023-33817"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1jeq-dmk3-mbhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72481?format=json","vulnerability_id":"VCID-36fv-rddt-5bfa","summary":"DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38559","reference_id":"","reference_type":"","scores":[{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.4887","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48932","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.4894","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48922","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48892","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48906","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38559"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38559","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38559"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195990?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.4-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jeq-dmk3-mbhy"},{"vulnerability":"VCID-54d6-hfga-fbeg"},{"vulnerability":"VCID-8jjr-6gyc-vkcf"},{"vulnerability":"VCID-8prn-8xbg-5faf"},{"vulnerability":"VCID-cbsh-965t-yuga"},{"vulnerability":"VCID-dsv3-4f3h-2qak"},{"vulnerability":"VCID-g5ys-yb3f-13dc"},{"vulnerability":"VCID-j6rb-rszc-6bg5"},{"vulnerability":"VCID-mey3-9tmh-q3ab"},{"vulnerability":"VCID-p8gv-73tk-6qd1"},{"vulnerability":"VCID-pbq9-pg4b-qqb1"},{"vulnerability":"VCID-pkys-z5fy-xbfy"},{"vulnerability":"VCID-r62u-8e3g-xyb8"},{"vulnerability":"VCID-re67-9hnu-hyfb"},{"vulnerability":"VCID-rf2e-d6st-jycw"},{"vulnerability":"VCID-tpr7-6n73-akgh"},{"vulnerability":"VCID-zbmy-jz9n-z3e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.4-1"}],"aliases":["CVE-2021-38559"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-36fv-rddt-5bfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72486?format=json","vulnerability_id":"VCID-54d6-hfga-fbeg","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45592","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45592"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195991?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1"}],"aliases":["CVE-2022-45592"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-54d6-hfga-fbeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72489?format=json","vulnerability_id":"VCID-8jjr-6gyc-vkcf","summary":"A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34537","reference_id":"","reference_type":"","scores":[{"value":"0.12864","scoring_system":"epss","scoring_elements":"0.94181","published_at":"2026-06-06T12:55:00Z"},{"value":"0.12864","scoring_system":"epss","scoring_elements":"0.94182","published_at":"2026-06-08T12:55:00Z"},{"value":"0.12864","scoring_system":"epss","scoring_elements":"0.94189","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34537"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038251","reference_id":"1038251","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038251"},{"reference_url":"https://github.com/leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5","reference_id":"CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-03T02:18:36Z/"}],"url":"https://github.com/leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195991?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1"}],"aliases":["CVE-2023-34537"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8jjr-6gyc-vkcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72490?format=json","vulnerability_id":"VCID-8prn-8xbg-5faf","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34854"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195991?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1"}],"aliases":["CVE-2023-34854"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8prn-8xbg-5faf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72482?format=json","vulnerability_id":"VCID-97cs-9n8j-pqge","summary":"HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42948","reference_id":"","reference_type":"","scores":[{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40033","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40115","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40117","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40089","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40061","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40078","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42948"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42948","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42948"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195990?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.4-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jeq-dmk3-mbhy"},{"vulnerability":"VCID-54d6-hfga-fbeg"},{"vulnerability":"VCID-8jjr-6gyc-vkcf"},{"vulnerability":"VCID-8prn-8xbg-5faf"},{"vulnerability":"VCID-cbsh-965t-yuga"},{"vulnerability":"VCID-dsv3-4f3h-2qak"},{"vulnerability":"VCID-g5ys-yb3f-13dc"},{"vulnerability":"VCID-j6rb-rszc-6bg5"},{"vulnerability":"VCID-mey3-9tmh-q3ab"},{"vulnerability":"VCID-p8gv-73tk-6qd1"},{"vulnerability":"VCID-pbq9-pg4b-qqb1"},{"vulnerability":"VCID-pkys-z5fy-xbfy"},{"vulnerability":"VCID-r62u-8e3g-xyb8"},{"vulnerability":"VCID-re67-9hnu-hyfb"},{"vulnerability":"VCID-rf2e-d6st-jycw"},{"vulnerability":"VCID-tpr7-6n73-akgh"},{"vulnerability":"VCID-zbmy-jz9n-z3e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.4-1"}],"aliases":["CVE-2021-42948"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-97cs-9n8j-pqge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72480?format=json","vulnerability_id":"VCID-9p5e-61b7-c7fm","summary":"A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37833","reference_id":"","reference_type":"","scores":[{"value":"0.11566","scoring_system":"epss","scoring_elements":"0.93774","published_at":"2026-06-04T12:55:00Z"},{"value":"0.11566","scoring_system":"epss","scoring_elements":"0.93783","published_at":"2026-06-06T12:55:00Z"},{"value":"0.11566","scoring_system":"epss","scoring_elements":"0.93782","published_at":"2026-06-07T12:55:00Z"},{"value":"0.11566","scoring_system":"epss","scoring_elements":"0.93781","published_at":"2026-06-08T12:55:00Z"},{"value":"0.11566","scoring_system":"epss","scoring_elements":"0.93788","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37833"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991910","reference_id":"991910","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991910"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195990?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.4-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jeq-dmk3-mbhy"},{"vulnerability":"VCID-54d6-hfga-fbeg"},{"vulnerability":"VCID-8jjr-6gyc-vkcf"},{"vulnerability":"VCID-8prn-8xbg-5faf"},{"vulnerability":"VCID-cbsh-965t-yuga"},{"vulnerability":"VCID-dsv3-4f3h-2qak"},{"vulnerability":"VCID-g5ys-yb3f-13dc"},{"vulnerability":"VCID-j6rb-rszc-6bg5"},{"vulnerability":"VCID-mey3-9tmh-q3ab"},{"vulnerability":"VCID-p8gv-73tk-6qd1"},{"vulnerability":"VCID-pbq9-pg4b-qqb1"},{"vulnerability":"VCID-pkys-z5fy-xbfy"},{"vulnerability":"VCID-r62u-8e3g-xyb8"},{"vulnerability":"VCID-re67-9hnu-hyfb"},{"vulnerability":"VCID-rf2e-d6st-jycw"},{"vulnerability":"VCID-tpr7-6n73-akgh"},{"vulnerability":"VCID-zbmy-jz9n-z3e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.4-1"}],"aliases":["CVE-2021-37833"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9p5e-61b7-c7fm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72492?format=json","vulnerability_id":"VCID-cbsh-965t-yuga","summary":"Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43373","reference_id":"","reference_type":"","scores":[{"value":"0.23834","scoring_system":"epss","scoring_elements":"0.96122","published_at":"2026-06-05T12:55:00Z"},{"value":"0.23834","scoring_system":"epss","scoring_elements":"0.96125","published_at":"2026-06-08T12:55:00Z"},{"value":"0.23834","scoring_system":"epss","scoring_elements":"0.96131","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43373"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572","reference_id":"1052572","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572"},{"reference_url":"https://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-n_utente_agg-parameter-948a6d724b5348f3867ee6d780f98f1a?pvs=4","reference_id":"SQL-injection-in-hoteldruid-version-3-0-5-via-n_utente_agg-parameter-948a6d724b5348f3867ee6d780f98f1a?pvs=4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-24T17:58:59Z/"}],"url":"https://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-n_utente_agg-parameter-948a6d724b5348f3867ee6d780f98f1a?pvs=4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195991?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1"}],"aliases":["CVE-2023-43373"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cbsh-965t-yuga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72498?format=json","vulnerability_id":"VCID-dsv3-4f3h-2qak","summary":"Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47164","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50318","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50347","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50328","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.503","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50339","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47164"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055772","reference_id":"1055772","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055772"},{"reference_url":"https://www.hoteldruid.com/en/download.html","reference_id":"download.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:38:37Z/"}],"url":"https://www.hoteldruid.com/en/download.html"},{"reference_url":"https://jvn.jp/en/jp/JVN99177549/","reference_id":"JVN99177549","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:38:37Z/"}],"url":"https://jvn.jp/en/jp/JVN99177549/"},{"reference_url":"https://www.hoteldruid.com/","reference_id":"www.hoteldruid.com","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:38:37Z/"}],"url":"https://www.hoteldruid.com/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195991?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1"}],"aliases":["CVE-2023-47164"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dsv3-4f3h-2qak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72485?format=json","vulnerability_id":"VCID-dzpx-pkxx-g3f8","summary":"HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26564","reference_id":"","reference_type":"","scores":[{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.68206","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.68245","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.68253","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.6823","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.68247","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26564"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26564","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26564"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195990?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.4-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jeq-dmk3-mbhy"},{"vulnerability":"VCID-54d6-hfga-fbeg"},{"vulnerability":"VCID-8jjr-6gyc-vkcf"},{"vulnerability":"VCID-8prn-8xbg-5faf"},{"vulnerability":"VCID-cbsh-965t-yuga"},{"vulnerability":"VCID-dsv3-4f3h-2qak"},{"vulnerability":"VCID-g5ys-yb3f-13dc"},{"vulnerability":"VCID-j6rb-rszc-6bg5"},{"vulnerability":"VCID-mey3-9tmh-q3ab"},{"vulnerability":"VCID-p8gv-73tk-6qd1"},{"vulnerability":"VCID-pbq9-pg4b-qqb1"},{"vulnerability":"VCID-pkys-z5fy-xbfy"},{"vulnerability":"VCID-r62u-8e3g-xyb8"},{"vulnerability":"VCID-re67-9hnu-hyfb"},{"vulnerability":"VCID-rf2e-d6st-jycw"},{"vulnerability":"VCID-tpr7-6n73-akgh"},{"vulnerability":"VCID-zbmy-jz9n-z3e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.4-1"}],"aliases":["CVE-2022-26564"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dzpx-pkxx-g3f8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72483?format=json","vulnerability_id":"VCID-fqzt-sqjg-vqcd","summary":"The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42949","reference_id":"","reference_type":"","scores":[{"value":"0.36793","scoring_system":"epss","scoring_elements":"0.97231","published_at":"2026-06-04T12:55:00Z"},{"value":"0.36793","scoring_system":"epss","scoring_elements":"0.97235","published_at":"2026-06-05T12:55:00Z"},{"value":"0.36793","scoring_system":"epss","scoring_elements":"0.97237","published_at":"2026-06-06T12:55:00Z"},{"value":"0.36793","scoring_system":"epss","scoring_elements":"0.97238","published_at":"2026-06-07T12:55:00Z"},{"value":"0.36793","scoring_system":"epss","scoring_elements":"0.97239","published_at":"2026-06-08T12:55:00Z"},{"value":"0.36793","scoring_system":"epss","scoring_elements":"0.9724","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42949"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42949","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42949"},{"reference_url":"https://github.com/dhammon/HotelDruid-CVE-2021-42949","reference_id":"HotelDruid-CVE-2021-42949","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T18:17:02Z/"}],"url":"https://github.com/dhammon/HotelDruid-CVE-2021-42949"},{"reference_url":"https://github.com/dhammon/Security","reference_id":"Security","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T18:17:02Z/"}],"url":"https://github.com/dhammon/Security"},{"reference_url":"https://www.hoteldruid.com/","reference_id":"www.hoteldruid.com","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T18:17:02Z/"}],"url":"https://www.hoteldruid.com/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195990?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.4-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jeq-dmk3-mbhy"},{"vulnerability":"VCID-54d6-hfga-fbeg"},{"vulnerability":"VCID-8jjr-6gyc-vkcf"},{"vulnerability":"VCID-8prn-8xbg-5faf"},{"vulnerability":"VCID-cbsh-965t-yuga"},{"vulnerability":"VCID-dsv3-4f3h-2qak"},{"vulnerability":"VCID-g5ys-yb3f-13dc"},{"vulnerability":"VCID-j6rb-rszc-6bg5"},{"vulnerability":"VCID-mey3-9tmh-q3ab"},{"vulnerability":"VCID-p8gv-73tk-6qd1"},{"vulnerability":"VCID-pbq9-pg4b-qqb1"},{"vulnerability":"VCID-pkys-z5fy-xbfy"},{"vulnerability":"VCID-r62u-8e3g-xyb8"},{"vulnerability":"VCID-re67-9hnu-hyfb"},{"vulnerability":"VCID-rf2e-d6st-jycw"},{"vulnerability":"VCID-tpr7-6n73-akgh"},{"vulnerability":"VCID-zbmy-jz9n-z3e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.4-1"}],"aliases":["CVE-2021-42949"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fqzt-sqjg-vqcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72504?format=json","vulnerability_id":"VCID-g5ys-yb3f-13dc","summary":"HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting (XSS) in the /modifica_app.php file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55816","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10134","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10199","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10219","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10186","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10099","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55816","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55816"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122815","reference_id":"1122815","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122815"},{"reference_url":"https://www.partywave.site/show/research/cve-2025-55816-xss-and-raptx","reference_id":"cve-2025-55816-xss-and-raptx","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-12T21:04:13Z/"}],"url":"https://www.partywave.site/show/research/cve-2025-55816-xss-and-raptx"},{"reference_url":"https://www.hoteldruid.com/en/","reference_id":"en","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-12T21:04:13Z/"}],"url":"https://www.hoteldruid.com/en/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195991?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1"}],"aliases":["CVE-2025-55816"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g5ys-yb3f-13dc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72484?format=json","vulnerability_id":"VCID-hxmu-gjdb-mydh","summary":"HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22909","reference_id":"","reference_type":"","scores":[{"value":"0.33104","scoring_system":"epss","scoring_elements":"0.96992","published_at":"2026-06-04T12:55:00Z"},{"value":"0.33104","scoring_system":"epss","scoring_elements":"0.96996","published_at":"2026-06-05T12:55:00Z"},{"value":"0.33104","scoring_system":"epss","scoring_elements":"0.96999","published_at":"2026-06-08T12:55:00Z"},{"value":"0.33104","scoring_system":"epss","scoring_elements":"0.97","published_at":"2026-06-07T12:55:00Z"},{"value":"0.33104","scoring_system":"epss","scoring_elements":"0.97003","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22909"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006750","reference_id":"1006750","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006750"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50754.py","reference_id":"CVE-2022-22909","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50754.py"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195990?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.4-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jeq-dmk3-mbhy"},{"vulnerability":"VCID-54d6-hfga-fbeg"},{"vulnerability":"VCID-8jjr-6gyc-vkcf"},{"vulnerability":"VCID-8prn-8xbg-5faf"},{"vulnerability":"VCID-cbsh-965t-yuga"},{"vulnerability":"VCID-dsv3-4f3h-2qak"},{"vulnerability":"VCID-g5ys-yb3f-13dc"},{"vulnerability":"VCID-j6rb-rszc-6bg5"},{"vulnerability":"VCID-mey3-9tmh-q3ab"},{"vulnerability":"VCID-p8gv-73tk-6qd1"},{"vulnerability":"VCID-pbq9-pg4b-qqb1"},{"vulnerability":"VCID-pkys-z5fy-xbfy"},{"vulnerability":"VCID-r62u-8e3g-xyb8"},{"vulnerability":"VCID-re67-9hnu-hyfb"},{"vulnerability":"VCID-rf2e-d6st-jycw"},{"vulnerability":"VCID-tpr7-6n73-akgh"},{"vulnerability":"VCID-zbmy-jz9n-z3e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.4-1"}],"aliases":["CVE-2022-22909"],"risk_score":0.6,"exploitability":"2.0","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hxmu-gjdb-mydh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72501?format=json","vulnerability_id":"VCID-j6rb-rszc-6bg5","summary":"A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. NOTE: this is disputed because there is an id_sessione CSRF token.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25748","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23226","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23126","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.2313","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23241","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.2318","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25748"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101015","reference_id":"1101015","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101015"},{"reference_url":"https://www.huyvo.net/post/cve-2025-25748-cross-site-request-forgery-csrf-vulnerability-in-hoteldruid-3-0-7","reference_id":"cve-2025-25748-cross-site-request-forgery-csrf-vulnerability-in-hoteldruid-3-0-7","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T20:39:47Z/"}],"url":"https://www.huyvo.net/post/cve-2025-25748-cross-site-request-forgery-csrf-vulnerability-in-hoteldruid-3-0-7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195991?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1"}],"aliases":["CVE-2025-25748"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j6rb-rszc-6bg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72493?format=json","vulnerability_id":"VCID-mey3-9tmh-q3ab","summary":"Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43374","reference_id":"","reference_type":"","scores":[{"value":"0.23834","scoring_system":"epss","scoring_elements":"0.96122","published_at":"2026-06-05T12:55:00Z"},{"value":"0.23834","scoring_system":"epss","scoring_elements":"0.96125","published_at":"2026-06-08T12:55:00Z"},{"value":"0.23834","scoring_system":"epss","scoring_elements":"0.96131","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43374"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572","reference_id":"1052572","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572"},{"reference_url":"https://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-id_utente_log-parameter-8b89f014004947e7bd2ecdacf1610cf9?pvs=4","reference_id":"SQL-injection-in-hoteldruid-version-3-0-5-via-id_utente_log-parameter-8b89f014004947e7bd2ecdacf1610cf9?pvs=4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-24T17:58:16Z/"}],"url":"https://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-id_utente_log-parameter-8b89f014004947e7bd2ecdacf1610cf9?pvs=4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195991?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1"}],"aliases":["CVE-2023-43374"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mey3-9tmh-q3ab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72479?format=json","vulnerability_id":"VCID-n4pr-zhwk-xbeb","summary":"A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through the vulnerable idappartamenti parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37832","reference_id":"","reference_type":"","scores":[{"value":"0.1308","scoring_system":"epss","scoring_elements":"0.94234","published_at":"2026-06-04T12:55:00Z"},{"value":"0.1308","scoring_system":"epss","scoring_elements":"0.94242","published_at":"2026-06-05T12:55:00Z"},{"value":"0.1308","scoring_system":"epss","scoring_elements":"0.94244","published_at":"2026-06-06T12:55:00Z"},{"value":"0.1308","scoring_system":"epss","scoring_elements":"0.94246","published_at":"2026-06-07T12:55:00Z"},{"value":"0.1308","scoring_system":"epss","scoring_elements":"0.94245","published_at":"2026-06-08T12:55:00Z"},{"value":"0.1308","scoring_system":"epss","scoring_elements":"0.94251","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37832"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991910","reference_id":"991910","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991910"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195990?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.4-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jeq-dmk3-mbhy"},{"vulnerability":"VCID-54d6-hfga-fbeg"},{"vulnerability":"VCID-8jjr-6gyc-vkcf"},{"vulnerability":"VCID-8prn-8xbg-5faf"},{"vulnerability":"VCID-cbsh-965t-yuga"},{"vulnerability":"VCID-dsv3-4f3h-2qak"},{"vulnerability":"VCID-g5ys-yb3f-13dc"},{"vulnerability":"VCID-j6rb-rszc-6bg5"},{"vulnerability":"VCID-mey3-9tmh-q3ab"},{"vulnerability":"VCID-p8gv-73tk-6qd1"},{"vulnerability":"VCID-pbq9-pg4b-qqb1"},{"vulnerability":"VCID-pkys-z5fy-xbfy"},{"vulnerability":"VCID-r62u-8e3g-xyb8"},{"vulnerability":"VCID-re67-9hnu-hyfb"},{"vulnerability":"VCID-rf2e-d6st-jycw"},{"vulnerability":"VCID-tpr7-6n73-akgh"},{"vulnerability":"VCID-zbmy-jz9n-z3e3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.4-1"}],"aliases":["CVE-2021-37832"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n4pr-zhwk-xbeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72495?format=json","vulnerability_id":"VCID-p8gv-73tk-6qd1","summary":"A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43376","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28996","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28926","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28937","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.2903","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.2896","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43376"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572","reference_id":"1052572","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572"},{"reference_url":"https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-nometipotariffa1-post-parameter-703fde27462c43a1aaa1097fb3416cdc?pvs=4","reference_id":"Cross-site-scripting-in-hoteldruid-version-3-0-5-via-nometipotariffa1-post-parameter-703fde27462c43a1aaa1097fb3416cdc?pvs=4","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T17:49:58Z/"}],"url":"https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-nometipotariffa1-post-parameter-703fde27462c43a1aaa1097fb3416cdc?pvs=4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195991?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1"}],"aliases":["CVE-2023-43376"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p8gv-73tk-6qd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72503?format=json","vulnerability_id":"VCID-pbq9-pg4b-qqb1","summary":"In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, the attack results in a Denial of Service (DoS), preventing the administrator from logging in even with the correct credentials.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-44203","reference_id":"","reference_type":"","scores":[{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24058","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24182","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24164","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.2411","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24053","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-44203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-44203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-44203"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108154","reference_id":"1108154","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108154"},{"reference_url":"https://github.com/IvanT7D3/CVE-2025-44203/tree/main","reference_id":"main","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-24T15:30:41Z/"}],"url":"https://github.com/IvanT7D3/CVE-2025-44203/tree/main"},{"reference_url":"https://www.hoteldruid.com/","reference_id":"www.hoteldruid.com","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-24T15:30:41Z/"}],"url":"https://www.hoteldruid.com/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195991?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1"}],"aliases":["CVE-2025-44203"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pbq9-pg4b-qqb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72487?format=json","vulnerability_id":"VCID-pkys-z5fy-xbfy","summary":"A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29839","reference_id":"","reference_type":"","scores":[{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67856","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67831","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67846","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67849","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00536","scoring_system":"epss","scoring_elements":"0.67845","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29839"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29839"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035671","reference_id":"1035671","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035671"},{"reference_url":"https://github.com/jichngan/CVE-2023-29839","reference_id":"CVE-2023-29839","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-30T17:13:21Z/"}],"url":"https://github.com/jichngan/CVE-2023-29839"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195991?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1"}],"aliases":["CVE-2023-29839"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pkys-z5fy-xbfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72502?format=json","vulnerability_id":"VCID-r62u-8e3g-xyb8","summary":"An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength policies.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25749","reference_id":"","reference_type":"","scores":[{"value":"0.01333","scoring_system":"epss","scoring_elements":"0.80329","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01333","scoring_system":"epss","scoring_elements":"0.80318","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01333","scoring_system":"epss","scoring_elements":"0.80339","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01333","scoring_system":"epss","scoring_elements":"0.80326","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01333","scoring_system":"epss","scoring_elements":"0.80325","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25749"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101015","reference_id":"1101015","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101015"},{"reference_url":"https://www.huyvo.net/post/cve-2025-25749-weak-password-policy-in-hoteldruid-3-0-7","reference_id":"cve-2025-25749-weak-password-policy-in-hoteldruid-3-0-7","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T17:28:45Z/"}],"url":"https://www.huyvo.net/post/cve-2025-25749-weak-password-policy-in-hoteldruid-3-0-7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195991?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1"}],"aliases":["CVE-2025-25749"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r62u-8e3g-xyb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72491?format=json","vulnerability_id":"VCID-re67-9hnu-hyfb","summary":"Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43371","reference_id":"","reference_type":"","scores":[{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53271","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53228","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53252","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53263","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53254","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43371"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43371","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43371"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572","reference_id":"1052572","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572"},{"reference_url":"https://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-numcaselle-parameter-e1e3d6938a464a8db1ca18ee66b7e66e?pvs=4","reference_id":"SQL-injection-in-hoteldruid-version-3-0-5-via-numcaselle-parameter-e1e3d6938a464a8db1ca18ee66b7e66e?pvs=4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-24T17:59:42Z/"}],"url":"https://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-numcaselle-parameter-e1e3d6938a464a8db1ca18ee66b7e66e?pvs=4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195991?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1"}],"aliases":["CVE-2023-43371"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-re67-9hnu-hyfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72496?format=json","vulnerability_id":"VCID-rf2e-d6st-jycw","summary":"A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43377","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28996","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28926","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28937","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.2903","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.2896","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43377"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43377","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43377"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572","reference_id":"1052572","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572"},{"reference_url":"https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-destinatario_email1-post-parameter-0ac6596d5b534dd1b2a49987ad065d1c?pvs=4","reference_id":"Cross-site-scripting-in-hoteldruid-version-3-0-5-via-destinatario_email1-post-parameter-0ac6596d5b534dd1b2a49987ad065d1c?pvs=4","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T17:49:04Z/"}],"url":"https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-destinatario_email1-post-parameter-0ac6596d5b534dd1b2a49987ad065d1c?pvs=4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195991?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1"}],"aliases":["CVE-2023-43377"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rf2e-d6st-jycw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72500?format=json","vulnerability_id":"VCID-tpr7-6n73-akgh","summary":"Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristina_backup parameter in the crea_backup.php endpoint","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25747","reference_id":"","reference_type":"","scores":[{"value":"0.01662","scoring_system":"epss","scoring_elements":"0.82443","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01662","scoring_system":"epss","scoring_elements":"0.82438","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01662","scoring_system":"epss","scoring_elements":"0.82437","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01662","scoring_system":"epss","scoring_elements":"0.82436","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01662","scoring_system":"epss","scoring_elements":"0.82429","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25747"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101015","reference_id":"1101015","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101015"},{"reference_url":"https://www.huyvo.net/post/cve-2025-25747-reflected-xss-vulnerability-in-hoteldruid-3-0-7","reference_id":"cve-2025-25747-reflected-xss-vulnerability-in-hoteldruid-3-0-7","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T15:24:36Z/"}],"url":"https://www.huyvo.net/post/cve-2025-25747-reflected-xss-vulnerability-in-hoteldruid-3-0-7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195991?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1"}],"aliases":["CVE-2025-25747"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tpr7-6n73-akgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72494?format=json","vulnerability_id":"VCID-zbmy-jz9n-z3e3","summary":"Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43375","reference_id":"","reference_type":"","scores":[{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20646","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20535","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20547","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20658","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20604","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43375"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572","reference_id":"1052572","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572"},{"reference_url":"https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-multiple-post-parameter-ddbd9a9011744ed2b8fc995bbc9de56d?pvs=4","reference_id":"Cross-site-scripting-in-hoteldruid-version-3-0-5-via-multiple-post-parameter-ddbd9a9011744ed2b8fc995bbc9de56d?pvs=4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-24T17:57:10Z/"}],"url":"https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-multiple-post-parameter-ddbd9a9011744ed2b8fc995bbc9de56d?pvs=4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195991?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1"}],"aliases":["CVE-2023-43375"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zbmy-jz9n-z3e3"}],"fixing_vulnerabilities":[],"risk_score":"4.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.1-1"}