.. / CVE-2022-26564

Exploit for HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting (CVE-2022-26564)

Description:

HotelDruid Hotel Management Software 3.0.3 contains a cross-site scripting vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.

Nuclei Template

View the template here CVE-2022-26564.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-26564.yaml
Copy

References:

https://www.hoteldruid.com
https://github.com/ARPSyndicate/cvemon
https://nvd.nist.gov/vuln/detail/CVE-2022-26564
https://github.com/ARPSyndicate/kenzer-templates
https://rydzak.me/2022/04/cve-2022-26564/