Source: hoteldruid
Version: 3.0.5-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for hoteldruid.

CVE-2023-33817[0]:
| hoteldruid v3.0.5 was discovered to contain a SQL injection
| vulnerability.

CVE-2023-34537[1]:
| A Reflected XSS was discovered in HotelDruid version 3.0.5, an
| attacker can issue malicious code/command on affected webpage's
| parameter to trick user on browser and/or exfiltrate data.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-33817
    https://www.cve.org/CVERecord?id=CVE-2023-33817
[1] https://security-tracker.debian.org/tracker/CVE-2023-34537
    https://www.cve.org/CVERecord?id=CVE-2023-34537

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore