Arbitrary JavaScript Execution Vulnerability in Hotel Druid Application (Version 3.0.2)

Arbitrary JavaScript Execution Vulnerability in Hotel Druid Application (Version 3.0.2)

CVE-2021-37833 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands.

Learn more about our Web Application Penetration Testing UK.