CVE-2023-47164: HotelDruid: Hotel Management Software

Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.

Description

Hoteldruid is a free and open source program for hotel management (property management software) developed by DigitalDruid.Net. Thanks to the great flexibility of its web interface it can satisfy a wide range of demands, from bed & breakfasts or vacation rentals with few apartments to hotels with hundreds of rooms. Its main features are:

  • Web-based with access from any connected device.
  • Configurable number and characteristics of rooms, periods, rates, etc.
  • Automatic assignment of the rooms with user defined rules.
  • Extra costs, special offers and restrictions can be added to the rates.
  • Customized documents for receipts, invoices, emails, forms, etc.
  • Multi-user with privileges system.
  • Point of sale (POS) for bars and restaurants with inventory management.
  • Comparative statistics about occupancy and revenues.
  • Creation of pages to check availability from a website.
  • Released under the AGPL free software license (free and modifiable).
  • Proprietary modules (available on our hosting) for booking engine and channel manager.
  • And also: group bookings, backup system, calendar with drag & drop, etc.
  • In English, Italian and Spanish plus modules for other languages.

You can start using hoteldruid instantly by activating its hosting service. On the hosting service you will find the hoteldruid add-on modules already pre-installed; once integrated with your website, they enable you to collect reservations from the Internet without additional commissions and to synchronize with your accounts on Booking.com, Expedia.com and other channels.

Demo

You can try an online DEMO:

  • normal user with all the privileges
  • administrator user (not configured)
  • page to book from a website (module)
  • page to check availability from a website
  • page to complete a reservation from a website (module)
  • page with the website availability calendar

Latest Release

HotelDruid version 3.0.6 (November 3, 2023). What’s new: possibility to copy existing or deleted reservations, fixed security bugs.
