UBUNTU-CVE-2023-29839
- Source
- https://ubuntu.com/security/CVE-2023-29839
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-29839.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-29839
- Published
- 2023-05-03T03:15:00Z
- Modified
- 2025-07-14T06:35:18.701142Z
- Upstream
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- - medium
- Summary
- [none]
- Details
-
A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / hoteldruid
Package
- Name
- hoteldruid
- Purl
- pkg:deb/ubuntu/hoteldruid@2.1.4-1ubuntu2?arch=source&distro=esm-apps/xenial
Ubuntu:Pro:18.04:LTS / hoteldruid
Package
- Name
- hoteldruid
- Purl
- pkg:deb/ubuntu/hoteldruid@2.2.2-1?arch=source&distro=esm-apps/bionic
Ubuntu:Pro:20.04:LTS / hoteldruid
Package
- Name
- hoteldruid
- Purl
- pkg:deb/ubuntu/hoteldruid@3.0.1-1?arch=source&distro=esm-apps/focal
Ubuntu:22.04:LTS / hoteldruid
Package
- Name
- hoteldruid
- Purl
- pkg:deb/ubuntu/hoteldruid@3.0.3-1?arch=source&distro=jammy
Ubuntu:24.04:LTS / hoteldruid
Package
- Name
- hoteldruid
- Purl
- pkg:deb/ubuntu/hoteldruid@3.0.6-1?arch=source&distro=noble