- Package: src:hoteldruid
- Source: src:hoteldruid
- Submitter: Salvatore Bonaccorso
- Date: 2026-04-25 14:19:02 UTC
- Severity: normal
- Tags:

Hi,

The following vulnerability was published for hoteldruid.

CVE-2023-43378[0]:
| A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5
| allows attackers to execute arbitrary web scripts or HTML via a
| crafted payload injected into the commento1_1 parameter.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-43378
    https://www.cve.org/CVERecord?id=CVE-2023-43378
[1] https://flashy-lemonade-192.notion.site/Cross-site-scripting-in-hoteldruid-version-3-0-5-via-commento1_1-post-parameter-44ff18cb61cd4a80bbba75d5e4360ee4

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Hello,

this bug was fixed in hoteldruid 3.0.6 but not originally included in the changelog as the CVE number was not available. The current Debian changelog has added the CVE number as fixed in version 3.0.6, instead of adding it to current version 3.0.8.

Best regards,
Marco De Santis