CVE-2025-25747

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-25747

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-25747.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-25747

Related

UBUNTU-CVE-2025-25747

Withdrawn

2025-03-17T16:51:24.585819Z

Published

2025-03-11T16:15:17Z

Modified

2025-03-12T16:50:32.131910Z

Summary

[none]

Details

Cross Site Scripting vulnerability in DigitalDruid HotelDruid v.3.0.7 allows an attacker to execute arbitrary code and obtain sensitive information via the ripristinabackup parameter in the creabackup.php endpoint

References

Affected packages

Debian:11 / hoteldruid

Package

Name: hoteldruid
Purl: pkg:deb/debian/hoteldruid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.1-1

3.0.3-1

3.0.4-1

3.0.5-1

3.0.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / hoteldruid

Package

Name: hoteldruid
Purl: pkg:deb/debian/hoteldruid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.4-1

3.0.5-1

3.0.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / hoteldruid

Package

Name: hoteldruid
Purl: pkg:deb/debian/hoteldruid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.4-1

3.0.5-1

3.0.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}