VDB
CVE-2019-8937
CVE-2019-8937
PUBLISHED
HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.
EPSS 43.77% · 97.6th percentile
Risk Scores
EPSS Score
43.77%
97.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | hoteldruid | 0, 2.2.2-1, 2.2.1-1 |
| Ubuntu:20.04:LTS | hoteldruid | 0 |
| Ubuntu:16.04:LTS | hoteldruid | 2.1.4-1ubuntu1, 2.1.4-1ubuntu2, 2.1.0-1 |
Exploit Intelligence
- http://packetstormsecurity.com/files/151779/HotelDruid-2.3-Cross-Site-Scripting.html (nist-nvd)
- https://www.exploit-db.com/exploits/46429/ (nist-nvd)
- https://sourceforge.net/projects/hoteldruid/ (circl)
- HotelDruid 2.3 - Cross-Site Scripting Vulnerability (0day-today)
- HotelDruid 2.3 - Cross-Site Scripting Vulnerability (0day-today)
- Nuclei Template: CVE-2019-8937 (nuclei-template)
- Nuclei Template: CVE-2019-8937 (nuclei-template)
- Nuclei Template: CVE-2019-8937 (nuclei-template)
- Nuclei Template: CVE-2019-8937 (nuclei-template)
- Nuclei Template: CVE-2019-8937 (nuclei-template)
…and 1 more exploits
Timeline
- Feb 20, 2019 PoC Published
- May 17, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Apr 1, 2022 EPSS Score
- Aug 4, 2024 CVE Updated
- Dec 17, 2024 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 22, 2025 EPSS Score
- Mar 24, 2025 EPSS Score
- Mar 28, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 3, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-8937 third-party-advisory
- https://www.exploit-db.com/exploits/46429/ third-party-advisory
- http://packetstormsecurity.com/files/151779/HotelDruid-2.3-Cross-Site-Scripting.html third-party-advisory
- https://sourceforge.net/projects/hoteldruid/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-8937 third-party-advisory