Candidate: CVE-2019-8937
PublicDate: 2019-05-17 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8937
 https://www.exploit-db.com/exploits/46429/
 http://packetstormsecurity.com/files/151779/HotelDruid-2.3-Cross-Site-Scripting.html
 https://sourceforge.net/projects/hoteldruid/
Description:
 HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine,
 and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and
 visualizza_tabelle.php.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929136
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]


Patches_hoteldruid:
upstream_hoteldruid: needs-triage
precise/esm_hoteldruid: DNE
trusty_hoteldruid: ignored (out of standard support)
trusty/esm_hoteldruid: DNE
xenial_hoteldruid: ignored (end of standard support, was needed)
bionic_hoteldruid: needed
cosmic_hoteldruid: ignored (reached end-of-life)
disco_hoteldruid: ignored (reached end-of-life)
eoan_hoteldruid: released (2.3.2-1)
focal_hoteldruid: released (2.3.2-1)
groovy_hoteldruid: released (2.3.2-1)
hirsute_hoteldruid: released (2.3.2-1)
impish_hoteldruid: released (2.3.2-1)
jammy_hoteldruid: released (2.3.2-1)
devel_hoteldruid: released (2.3.2-1)