Source: hoteldruid
Version: 2.3.2-1
Severity: grave
Tags: security upstream

Hi,

The following vulnerability was published for hoteldruid.

CVE-2019-8937[0]:
| HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine,
| origine, and anno parameters in creaprezzi.php, tabella3.php,
| personalizza.php, and visualizza_tabelle.php.

Unless mistaken, then those are not yet fixed in the 2.3.2 upstream
which fixed CVE-2019-9084, CVE-2019-9085, CVE-2019-9086 and
CVE-2019-9087?

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-8937
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8937
[1] https://www.exploit-db.com/exploits/46429/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore