{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","type":"deb","namespace":"debian","name":"hoteldruid","version":"3.0.8-1","qualifiers":{"distro":"sid"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207508?format=json","vulnerability_id":"VCID-1xz1-3scq-yqef","summary":"Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service (invoice-creation outage) via the n_file parameter to visualizza_contratto.php with invalid arguments (any non-numeric value), as demonstrated by the anno=2019&id_transazione=1&numero_contratto=1&n_file=a query string to visualizza_contratto.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9085","reference_id":"","reference_type":"","scores":[{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72854","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00717","scoring_system":"epss","scoring_elements":"0.72933","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9085"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9085","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9085"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45249?format=json","purl":"pkg:deb/debian/hoteldruid@2.3.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@2.3.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45247?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.1-1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2nn9-
rgza-87d9"},{"vulnerability":"VCID-4srd-dyed-eyb3"},{"vulnerability":"VCID-558m-mc3y-gkda"},{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bet7-9s79-sqgx"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerability":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-epyb-6ue8"},{"vulnerability":"VCID-jv6q-8jm8-6ubr"},{"vulnerability":"VCID-kx2f-y9xu-m3gp"},{"vulnerability":"VCID-mjg4-ypwn-h3dk"},{"vulnerability":"VCID-n6bb-64gm-67ba"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"VCID-pu4m-tx6g-k7cb"},{"vulnerability":"VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45245?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.4-1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerability":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-epyb-6ue8"},{"vulnerability":"VCID-jv6q-8jm8-6ubr"},{"vulnerability":"VCID-kx2f-y9xu-m3gp"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.4-1%3Fdistro
=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2019-9085"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1xz1-3scq-yqef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209212?format=json","vulnerability_id":"VCID-2nn9-rgza-87d9","summary":"HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26564","reference_id":"","reference_type":"","scores":[{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.68304","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00547","scoring_system":"epss","scoring_elements":"0.68393","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-26564"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26564","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26564"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45245?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.4-1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerability":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-epyb-6ue8"},{"vulnerability":"VCID-jv6q-8jm8-6ubr"},{"vulnerability":"VCID-kx2f-y9xu-m3gp"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"
VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2022-26564"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2nn9-rgza-87d9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/155415?format=json","vulnerability_id":"VCID-4srd-dyed-eyb3","summary":"The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce 
attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42949","reference_id":"","reference_type":"","scores":[{"value":"0.36793","scoring_system":"epss","scoring_elements":"0.97249","published_at":"2026-06-11T12:55:00Z"},{"value":"0.36793","scoring_system":"epss","scoring_elements":"0.97256","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42949"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42949","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42949"},{"reference_url":"https://github.com/dhammon/HotelDruid-CVE-2021-42949","reference_id":"HotelDruid-CVE-2021-42949","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T18:17:02Z/"}],"url":"https://github.com/dhammon/HotelDruid-CVE-2021-42949"},{"reference_url":"https://github.com/dhammon/Security","reference_id":"Security","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T18:17:02Z/"}],"url":"https://github.com/dhammon/Security"},{"reference_url":"https://www.hoteldruid.com/","reference_id":"www.hoteldruid.com","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-03T18:17:02Z/"}],"url":"https://www.hoteldruid.com/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45245?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.4-1?distro=sid","is_vulnerable"
:true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerability":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-epyb-6ue8"},{"vulnerability":"VCID-jv6q-8jm8-6ubr"},{"vulnerability":"VCID-kx2f-y9xu-m3gp"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2021-42949"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4srd-dyed-eyb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208853?format=json","vulnerability_id":"VCID-558m-mc3y-gkda","summary":"HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session 
id's.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42948","reference_id":"","reference_type":"","scores":[{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40126","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.40295","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42948"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42948","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42948"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45245?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.4-1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerability":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-epyb-6ue8"},{"vulnerability":"VCID-jv6q-8jm8-6ubr"},{"vulnerability":"VCID-kx2f-y9xu-m3gp"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2021-42948"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0
","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-558m-mc3y-gkda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209412?format=json","vulnerability_id":"VCID-8fx9-nzvp-ayca","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45592","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45592"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45262?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.6-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.6-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2022-45592"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8fx9-nzvp-ayca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205666?format=json","vulnerability_id":"VCID-aqnd-e4hc-wkfv","summary":"HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in \"id_utente_mod\" parameter in gestione_utenti.php file that can result in An attacker can dump all the database records of backend webserver. 
This attack appears to be exploitable by anyone via a specially crafted SQL query passed to the \"id_utente_mod=1\" parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000871","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52896","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.53025","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000871"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917099","reference_id":"917099","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917099"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45246?format=json","purl":"pkg:deb/debian/hoteldruid@2.3.0-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@2.3.0-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45247?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.1-1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2nn9-rgza-87d9"},{"vulnerability":"VCID-4srd-dyed-eyb3"},{"vulnerability":"VCID-558m-mc3y-gkda"},{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bet7-9s79-sqgx"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerability":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-epyb-6ue8"},{"vulnerability":"VCID-jv6q-8jm8-6ubr"},{"vulnerability":"VCID-kx2f-y9xu-m3gp"},{"vulnerabil
ity":"VCID-mjg4-ypwn-h3dk"},{"vulnerability":"VCID-n6bb-64gm-67ba"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"VCID-pu4m-tx6g-k7cb"},{"vulnerability":"VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45245?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.4-1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerability":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-epyb-6ue8"},{"vulnerability":"VCID-jv6q-8jm8-6ubr"},{"vulnerability":"VCID-kx2f-y9xu-m3gp"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2018-1000871"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aqnd-e4hc-wkfv"},{"url":"http://public2
.vulnerablecode.io/api/vulnerabilities/207510?format=json","vulnerability_id":"VCID-axj2-n99b-9qgc","summary":"HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9086","reference_id":"","reference_type":"","scores":[{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62982","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.63083","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9086","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9086"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45249?format=json","purl":"pkg:deb/debian/hoteldruid@2.3.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@2.3.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45247?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.1-1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2nn9-rgza-87d9"},{"vulnerability":"VCID-4srd-dyed-eyb3"},{"vulnerability":"VCID-558m-mc3y-gkda"},{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bet7-9s79-sqgx"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerability":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-epyb-6ue8"},{"vulnerability":"VCID-jv6q-8jm8-6ubr"},{"vulnerability":"VCID-kx2f-y9xu-m3gp"},{"vulnerability":"VCID-mjg4-ypwn-h3dk"},{"vulnerability":"VCID-n6bb-64gm-67ba"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"VCID-pu4m-tx6g-k7cb"},{"vulnerabili
ty":"VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45245?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.4-1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerability":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-epyb-6ue8"},{"vulnerability":"VCID-jv6q-8jm8-6ubr"},{"vulnerability":"VCID-kx2f-y9xu-m3gp"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2019-9086"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-axj2-n99b-9qgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207488?format=json","vulnerability_id":"VCID-b9xw-6gr2-vyaj","summary":"HotelDruid 2.3.0 has XSS affecting the nsextt, 
cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8937","reference_id":"","reference_type":"","scores":[{"value":"0.43768","scoring_system":"epss","scoring_elements":"0.97611","published_at":"2026-06-11T12:55:00Z"},{"value":"0.43768","scoring_system":"epss","scoring_elements":"0.97619","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-8937"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8937","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8937"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929136","reference_id":"929136","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929136"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46429.txt","reference_id":"CVE-2019-8937","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46429.txt"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45249?format=json","purl":"pkg:deb/debian/hoteldruid@2.3.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@2.3.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45247?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.1-1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2nn9-rgza-87d9"},{"vulnerability":"VCID-4srd-dyed-eyb3"},{"vulnerability":"VCID-558m-mc3y-gkda"},{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bet7-9s79-sqgx"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerabi
lity":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-epyb-6ue8"},{"vulnerability":"VCID-jv6q-8jm8-6ubr"},{"vulnerability":"VCID-kx2f-y9xu-m3gp"},{"vulnerability":"VCID-mjg4-ypwn-h3dk"},{"vulnerability":"VCID-n6bb-64gm-67ba"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"VCID-pu4m-tx6g-k7cb"},{"vulnerability":"VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45245?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.4-1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerability":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-epyb-6ue8"},{"vulnerability":"VCID-jv6q-8jm8-6ubr"},{"vulnerability":"VCID-kx2f-y9xu-m3gp"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/h
oteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2019-8937"],"risk_score":0.8,"exploitability":"2.0","weighted_severity":"0.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b9xw-6gr2-vyaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207511?format=json","vulnerability_id":"VCID-bcn6-uc4q-27c9","summary":"HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9087","reference_id":"","reference_type":"","scores":[{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.62982","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0043","scoring_system":"epss","scoring_elements":"0.63083","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9087"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9087","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9087"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45249?format=json","purl":"pkg:deb/debian/hoteldruid@2.3.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@2.3.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45247?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.1-1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2nn9-rgza-87d9"},{"vulnerability":"VCID-4srd-dyed-eyb3"},{"vulnerability":"VCID-558m-mc3y-gkda"},{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bet7-9s79-sqgx"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerability":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-epyb-6ue8"},{"vulnerability"
:"VCID-jv6q-8jm8-6ubr"},{"vulnerability":"VCID-kx2f-y9xu-m3gp"},{"vulnerability":"VCID-mjg4-ypwn-h3dk"},{"vulnerability":"VCID-n6bb-64gm-67ba"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"VCID-pu4m-tx6g-k7cb"},{"vulnerability":"VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45245?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.4-1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerability":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-epyb-6ue8"},{"vulnerability":"VCID-jv6q-8jm8-6ubr"},{"vulnerability":"VCID-kx2f-y9xu-m3gp"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2019-9087"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulne
rablecode.io/vulnerabilities/VCID-bcn6-uc4q-27c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208660?format=json","vulnerability_id":"VCID-bet7-9s79-sqgx","summary":"A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through the vulnerable idappartamenti parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37832","reference_id":"","reference_type":"","scores":[{"value":"0.1308","scoring_system":"epss","scoring_elements":"0.94266","published_at":"2026-06-11T12:55:00Z"},{"value":"0.1308","scoring_system":"epss","scoring_elements":"0.94286","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37832"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37832","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37832"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991910","reference_id":"991910","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991910"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45250?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.3-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45245?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.4-1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerability":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-e
pyb-6ue8"},{"vulnerability":"VCID-jv6q-8jm8-6ubr"},{"vulnerability":"VCID-kx2f-y9xu-m3gp"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2021-37832"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bet7-9s79-sqgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89022?format=json","vulnerability_id":"VCID-bxr7-mb6r-k3fq","summary":"An issue in HotelDruid version 3.0.7 and earlier allows users to set weak passwords due to the lack of enforcement of password strength 
policies.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25749","reference_id":"","reference_type":"","scores":[{"value":"0.01333","scoring_system":"epss","scoring_elements":"0.80379","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01333","scoring_system":"epss","scoring_elements":"0.8044","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25749"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101015","reference_id":"1101015","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101015"},{"reference_url":"https://www.huyvo.net/post/cve-2025-25749-weak-password-policy-in-hoteldruid-3-0-7","reference_id":"cve-2025-25749-weak-password-policy-in-hoteldruid-3-0-7","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-24T17:28:45Z/"}],"url":"https://www.huyvo.net/post/cve-2025-25749-weak-password-policy-in-hoteldruid-3-0-7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2025-25749"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bxr7-mb6r-k3fq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/143747?format=json","vulnerability_id":"VCID-cfps-neu3-e3cs","summary":"hoteldruid 
v3.0.5 was discovered to contain a SQL injection vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33817","reference_id":"","reference_type":"","scores":[{"value":"0.12103","scoring_system":"epss","scoring_elements":"0.93962","published_at":"2026-06-11T12:55:00Z"},{"value":"0.12103","scoring_system":"epss","scoring_elements":"0.93982","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33817"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33817","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33817"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038251","reference_id":"1038251","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038251"},{"reference_url":"https://github.com/leekenghwa/CVE-2023-33817---SQL-Injection-found-in-HotelDruid-3.0.5","reference_id":"CVE-2023-33817---SQL-Injection-found-in-HotelDruid-3.0.5","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-03T02:20:24Z/"}],"url":"https://github.com/leekenghwa/CVE-2023-33817---SQL-Injection-found-in-HotelDruid-3.0.5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45262?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.6-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.6-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2023-33817"],"risk_score":0.1,"exploitability":"0.5","weighted_severi
ty":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cfps-neu3-e3cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94542?format=json","vulnerability_id":"VCID-eh1x-tdqf-eugs","summary":"In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, the attack results in a Denial of Service (DoS), preventing the administrator from logging in even with the correct credentials.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-44203","reference_id":"","reference_type":"","scores":[{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24078","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00082","scoring_system":"epss","scoring_elements":"0.24274","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-44203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-44203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-44203"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108154","reference_id":"1108154","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108154"},{"reference_url":"https://github.com/IvanT7D3/CVE-2025-44203/tree/main","reference_id":"main","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-24T15:30:41Z/"}],"url":"https://github.com/IvanT7D3/CVE-2025-44203/tree/main"},{"reference_url":"https://www.hoteldruid.com/","reference_id":"www.hoteldruid.com","reference_type":"","s
cores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-24T15:30:41Z/"}],"url":"https://www.hoteldruid.com/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2025-44203"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eh1x-tdqf-eugs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/128704?format=json","vulnerability_id":"VCID-etv3-tzr4-wber","summary":"Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at 
/hoteldruid/personalizza.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43374","reference_id":"","reference_type":"","scores":[{"value":"0.23834","scoring_system":"epss","scoring_elements":"0.96137","published_at":"2026-06-11T12:55:00Z"},{"value":"0.23834","scoring_system":"epss","scoring_elements":"0.96148","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43374"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572","reference_id":"1052572","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572"},{"reference_url":"https://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-id_utente_log-parameter-8b89f014004947e7bd2ecdacf1610cf9?pvs=4","reference_id":"SQL-injection-in-hoteldruid-version-3-0-5-via-id_utente_log-parameter-8b89f014004947e7bd2ecdacf1610cf9?pvs=4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-24T17:58:16Z/"}],"url":"https://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-id_utente_log-parameter-8b89f014004947e7bd2ecdacf1610cf9?pvs=4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45262?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.6-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.6-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=s
id","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2023-43374"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-etv3-tzr4-wber"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207507?format=json","vulnerability_id":"VCID-guag-fdtp-pyc7","summary":"In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. It could allow an administrator to conduct remote denial of service (disrupting certain business functions of the product).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9084","reference_id":"","reference_type":"","scores":[{"value":"0.00735","scoring_system":"epss","scoring_elements":"0.73268","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00735","scoring_system":"epss","scoring_elements":"0.73345","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9084"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9084","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9084"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45249?format=json","purl":"pkg:deb/debian/hoteldruid@2.3.2-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@2.3.2-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45247?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.1-1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2nn9-rgza-87d9"},
{"vulnerability":"VCID-4srd-dyed-eyb3"},{"vulnerability":"VCID-558m-mc3y-gkda"},{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bet7-9s79-sqgx"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerability":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-epyb-6ue8"},{"vulnerability":"VCID-jv6q-8jm8-6ubr"},{"vulnerability":"VCID-kx2f-y9xu-m3gp"},{"vulnerability":"VCID-mjg4-ypwn-h3dk"},{"vulnerability":"VCID-n6bb-64gm-67ba"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"VCID-pu4m-tx6g-k7cb"},{"vulnerability":"VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.1-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45245?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.4-1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerability":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-epyb-6ue8"},{"vulnerability":"VCID-jv6q-8jm8-6ubr"},{"vulnerability":"VCID-kx2f-y9xu-m3gp"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.4-1%3Fdistro=sid"},{"url
":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2019-9084"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-guag-fdtp-pyc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89114?format=json","vulnerability_id":"VCID-hn36-tbmp-pfey","summary":"Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristina_backup parameter in the crea_backup.php endpoint","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25747","reference_id":"","reference_type":"","scores":[{"value":"0.01662","scoring_system":"epss","scoring_elements":"0.8248","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01662","scoring_system":"epss","scoring_elements":"0.82542","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25747"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101015","reference_id":"1101015","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101015"},{"reference_url":"https://cwe.mitre.org/data/definitions/79.html","reference_id":"79.html","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T15:24:36Z/"}],"url":"ht
tps://cwe.mitre.org/data/definitions/79.html"},{"reference_url":"https://www.huyvo.net/post/cve-2025-25747-reflected-xss-vulnerability-in-hoteldruid-3-0-7","reference_id":"cve-2025-25747-reflected-xss-vulnerability-in-hoteldruid-3-0-7","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T15:24:36Z/"}],"url":"https://www.huyvo.net/post/cve-2025-25747-reflected-xss-vulnerability-in-hoteldruid-3-0-7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2025-25747"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hn36-tbmp-pfey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/121444?format=json","vulnerability_id":"VCID-jt8r-epyb-6ue8","summary":"HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting (XSS) in the /modifica_app.php 
file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55816","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10211","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.1026","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55816"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55816","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55816"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122815","reference_id":"1122815","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122815"},{"reference_url":"https://www.partywave.site/show/research/cve-2025-55816-xss-and-raptx","reference_id":"cve-2025-55816-xss-and-raptx","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-12T21:04:13Z/"}],"url":"https://www.partywave.site/show/research/cve-2025-55816-xss-and-raptx"},{"reference_url":"https://www.hoteldruid.com/en/","reference_id":"en","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-12T21:04:13Z/"}],"url":"https://www.hoteldruid.com/en/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE
-2025-55816"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jt8r-epyb-6ue8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/147893?format=json","vulnerability_id":"VCID-jv6q-8jm8-6ubr","summary":"Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47164","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50387","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.5052","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47164"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47164","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47164"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055772","reference_id":"1055772","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055772"},{"reference_url":"https://www.hoteldruid.com/en/download.html","reference_id":"download.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:38:37Z/"}],"url":"https://www.hoteldruid.com/en/download.html"},{"reference_url":"https://jvn.jp/en/jp/JVN99177549/","reference_id":"JVN99177549","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:38:37Z/"}],"url":"https://jvn.jp/en/jp/JVN99177549/"},{"reference_url":"https://www.hoteldruid.com/","reference_id":"www.hoteldruid.com","reference_type
":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T17:38:37Z/"}],"url":"https://www.hoteldruid.com/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45262?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.6-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.6-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2023-47164"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jv6q-8jm8-6ubr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/142135?format=json","vulnerability_id":"VCID-kx2f-y9xu-m3gp","summary":"A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate 
data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34537","reference_id":"","reference_type":"","scores":[{"value":"0.12864","scoring_system":"epss","scoring_elements":"0.94202","published_at":"2026-06-11T12:55:00Z"},{"value":"0.12864","scoring_system":"epss","scoring_elements":"0.94223","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-34537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34537"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038251","reference_id":"1038251","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038251"},{"reference_url":"https://github.com/leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5","reference_id":"CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-03T02:18:36Z/"}],"url":"https://github.com/leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45262?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.6-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.6-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2023-34537"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.
io/vulnerabilities/VCID-kx2f-y9xu-m3gp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208661?format=json","vulnerability_id":"VCID-mjg4-ypwn-h3dk","summary":"A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37833","reference_id":"","reference_type":"","scores":[{"value":"0.1344","scoring_system":"epss","scoring_elements":"0.94361","published_at":"2026-06-11T12:55:00Z"},{"value":"0.1344","scoring_system":"epss","scoring_elements":"0.9438","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37833"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37833","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37833"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991910","reference_id":"991910","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991910"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45250?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.3-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45245?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.4-1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerability":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-epyb-6ue8"},{"vulnerability":"VCID-jv6q-8jm8-6ubr"},{"vulnerabilit
y":"VCID-kx2f-y9xu-m3gp"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2021-37833"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mjg4-ypwn-h3dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208700?format=json","vulnerability_id":"VCID-n6bb-64gm-67ba","summary":"DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 
parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38559","reference_id":"","reference_type":"","scores":[{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48965","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.49101","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38559"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38559","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38559"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45250?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.3-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.3-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45245?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.4-1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerability":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-epyb-6ue8"},{"vulnerability":"VCID-jv6q-8jm8-6ubr"},{"vulnerability":"VCID-kx2f-y9xu-m3gp"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/d
ebian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2021-38559"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n6bb-64gm-67ba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/128805?format=json","vulnerability_id":"VCID-pqug-d16y-x3fs","summary":"A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43377","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28969","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29172","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43377"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43377","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43377"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572","reference_id":"1052572","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572"},{"reference_url":"https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-destinatario_email1-post-parameter-0ac6596d5b534dd1b2a49987ad065d1c?pvs=4","reference_id":"Cross-site-scripting-in-hoteldruid-version-3-0-5-via-destinatario_email1-post-parameter-0ac6596d5b534dd1b2a49987ad065d1c?pvs=4","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:
3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T17:49:04Z/"}],"url":"https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-destinatario_email1-post-parameter-0ac6596d5b534dd1b2a49987ad065d1c?pvs=4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45262?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.6-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.6-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2023-43377"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pqug-d16y-x3fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209153?format=json","vulnerability_id":"VCID-pu4m-tx6g-k7cb","summary":"HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room 
module.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22909","reference_id":"","reference_type":"","scores":[{"value":"0.33104","scoring_system":"epss","scoring_elements":"0.97012","published_at":"2026-06-11T12:55:00Z"},{"value":"0.33104","scoring_system":"epss","scoring_elements":"0.97021","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22909"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22909","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22909"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006750","reference_id":"1006750","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006750"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50754.py","reference_id":"CVE-2022-22909","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50754.py"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45245?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.4-1?distro=sid","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8fx9-nzvp-ayca"},{"vulnerability":"VCID-bxr7-mb6r-k3fq"},{"vulnerability":"VCID-cfps-neu3-e3cs"},{"vulnerability":"VCID-eh1x-tdqf-eugs"},{"vulnerability":"VCID-etv3-tzr4-wber"},{"vulnerability":"VCID-hn36-tbmp-pfey"},{"vulnerability":"VCID-jt8r-epyb-6ue8"},{"vulnerability":"VCID-jv6q-8jm8-6ubr"},{"vulnerability":"VCID-kx2f-y9xu-m3gp"},{"vulnerability":"VCID-pqug-d16y-x3fs"},{"vulnerability":"VCID-py67-h37a-kkc7"},{"vulnerability":"VCID-qbz2-j8pb-eqhu"},{"vulnerability":"VCID-ran2-h83t-wke6"},{"vulnerability":"VCID-smee-4ac2-m7dc"},{"vulnerability":"VCID-tf4k-sdp1-tudg"},{"vulnerability":"VCID-wv1z-u3ra-3uhw"},{"vulnerability":"VCID-z46c-xy46-skbf"}],"resource_url
":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.4-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2022-22909"],"risk_score":0.6,"exploitability":"2.0","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pu4m-tx6g-k7cb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89489?format=json","vulnerability_id":"VCID-py67-h37a-kkc7","summary":"A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. NOTE: this is disputed because there is an id_sessione CSRF 
token.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25748","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.2317","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23365","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-25748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25748"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101015","reference_id":"1101015","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1101015"},{"reference_url":"https://www.huyvo.net/post/cve-2025-25748-cross-site-request-forgery-csrf-vulnerability-in-hoteldruid-3-0-7","reference_id":"cve-2025-25748-cross-site-request-forgery-csrf-vulnerability-in-hoteldruid-3-0-7","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-21T20:39:47Z/"}],"url":"https://www.huyvo.net/post/cve-2025-25748-cross-site-request-forgery-csrf-vulnerability-in-hoteldruid-3-0-7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2025-25748"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-py67-h37a-kkc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140950?format=
json","vulnerability_id":"VCID-qbz2-j8pb-eqhu","summary":"A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29839","reference_id":"","reference_type":"","scores":[{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.67189","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00518","scoring_system":"epss","scoring_elements":"0.67281","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29839"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29839","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29839"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035671","reference_id":"1035671","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035671"},{"reference_url":"https://github.com/jichngan/CVE-2023-29839","reference_id":"CVE-2023-29839","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-30T17:13:21Z/"}],"url":"https://github.com/jichngan/CVE-2023-29839"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45263?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.5-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.5-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerab
ilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2023-29839"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qbz2-j8pb-eqhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209875?format=json","vulnerability_id":"VCID-ran2-h83t-wke6","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34854","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34854"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45262?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.6-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.6-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2023-34854"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ran2-h83t-wke6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/128457?format=json","vulnerability_id":"VCID-smee-4ac2-m7dc","summary":"Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at 
/hoteldruid/interconnessioni.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43373","reference_id":"","reference_type":"","scores":[{"value":"0.23834","scoring_system":"epss","scoring_elements":"0.96137","published_at":"2026-06-11T12:55:00Z"},{"value":"0.23834","scoring_system":"epss","scoring_elements":"0.96148","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43373"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572","reference_id":"1052572","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572"},{"reference_url":"https://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-n_utente_agg-parameter-948a6d724b5348f3867ee6d780f98f1a?pvs=4","reference_id":"SQL-injection-in-hoteldruid-version-3-0-5-via-n_utente_agg-parameter-948a6d724b5348f3867ee6d780f98f1a?pvs=4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-24T17:58:59Z/"}],"url":"https://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-n_utente_agg-parameter-948a6d724b5348f3867ee6d780f98f1a?pvs=4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45262?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.6-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.6-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=
sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2023-43373"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-smee-4ac2-m7dc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/128493?format=json","vulnerability_id":"VCID-tf4k-sdp1-tudg","summary":"Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43371","reference_id":"","reference_type":"","scores":[{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53322","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.53447","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43371"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43371","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43371"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572","reference_id":"1052572","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572"},{"reference_url":"https://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-numcaselle-parameter-e1e3d6938a464a8db1ca18ee66b7e66e?pvs=4","reference_id":"SQL-injection-in-hoteldruid-version-3-0-5-via-numcaselle-parameter-e1e3d6938a464a8db1ca18ee66b7e66e?pvs=4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-09-24T17:59:42Z/"}],"url":"h
ttps://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-numcaselle-parameter-e1e3d6938a464a8db1ca18ee66b7e66e?pvs=4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45262?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.6-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.6-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2023-43371"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tf4k-sdp1-tudg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/128588?format=json","vulnerability_id":"VCID-wv1z-u3ra-3uhw","summary":"A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 
parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43376","reference_id":"","reference_type":"","scores":[{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.28969","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0011","scoring_system":"epss","scoring_elements":"0.29172","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43376"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572","reference_id":"1052572","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572"},{"reference_url":"https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-nometipotariffa1-post-parameter-703fde27462c43a1aaa1097fb3416cdc?pvs=4","reference_id":"Cross-site-scripting-in-hoteldruid-version-3-0-5-via-nometipotariffa1-post-parameter-703fde27462c43a1aaa1097fb3416cdc?pvs=4","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-24T17:49:58Z/"}],"url":"https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-nometipotariffa1-post-parameter-703fde27462c43a1aaa1097fb3416cdc?pvs=4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45262?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.6-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.6-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hote
ldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2023-43376"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wv1z-u3ra-3uhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/128515?format=json","vulnerability_id":"VCID-z46c-xy46-skbf","summary":"Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43375","reference_id":"","reference_type":"","scores":[{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20613","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00066","scoring_system":"epss","scoring_elements":"0.20791","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43375"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572","reference_id":"1052572","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052572"},{"reference_url":"https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-multiple-post-parameter-ddbd9a9011744ed2b8fc995bbc9de56d?pvs=4","reference_id":"Cross-site-scripting-in-hoteldruid-version-3-0-5-via-multiple-post-parameter-ddbd9a9011744ed2b8fc995bbc9de56d?pvs=4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A
:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-09-24T17:57:10Z/"}],"url":"https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-multiple-post-parameter-ddbd9a9011744ed2b8fc995bbc9de56d?pvs=4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/45262?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.6-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.6-1%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/45248?format=json","purl":"pkg:deb/debian/hoteldruid@3.0.8-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}],"aliases":["CVE-2023-43375"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"4.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z46c-xy46-skbf"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/hoteldruid@3.0.8-1%3Fdistro=sid"}