Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
c0719bfd by Salvatore Bonaccorso at 2026-01-18T17:05:36+01:00
Track fixed version for hoteldruid issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -15921,7 +15921,7 @@ CVE-2025-58576 (Cross-site request forgery
vulnerability exists in GroupSession
CVE-2025-57883 (Reflected cross-site scripting vulnerability exists in
GroupSession Fr ...)
NOT-FOR-US: GroupSession
CVE-2025-55816 (HotelDruid v3.0.7 and before is vulnerable to Cross Site
Scripting (XS ...)
- - hoteldruid <unfixed> (bug #1122815)
+ - hoteldruid 3.0.8-1 (bug #1122815)
[bookworm] - hoteldruid <no-dsa> (Minor issue)
[bullseye] - hoteldruid <postponed> (Minor issue)
NOTE:
https://www.partywave.site/show/research/cve-2025-55816-xss-and-raptx
@@ -74421,7 +74421,7 @@ CVE-2025-45331 (brplot v420.69.1 contains a Null
Pointer Dereference (NPD) vulne
CVE-2025-44635 (There are multiple unauthorized remote command execution
vulnerabiliti ...)
NOT-FOR-US: H3C
CVE-2025-44203 (In HotelDruid 3.0.7, an unauthenticated attacker can exploit
verbose S ...)
- - hoteldruid <unfixed> (bug #1108154)
+ - hoteldruid 3.0.8-1 (bug #1108154)
[bookworm] - hoteldruid <no-dsa> (Minor issue)
[bullseye] - hoteldruid <no-dsa> (Minor issue)
NOTE: https://github.com/IvanT7D3/CVE-2025-44203
@@ -107833,17 +107833,17 @@ CVE-2025-25927 (A Cross-Site Request Forgery (CSRF)
in Openmrs 2.4.3 Build 0ff0e
CVE-2025-25925 (A stored cross-scripting (XSS) vulnerability in Openmrs v2.4.3
Build 0 ...)
NOT-FOR-US: Openmrs
CVE-2025-25749 (An issue in HotelDruid version 3.0.7 and earlier allows users
to set w ...)
- - hoteldruid <unfixed> (bug #1101015)
+ - hoteldruid 3.0.8-1 (bug #1101015)
[bookworm] - hoteldruid <no-dsa> (Minor issue)
[bullseye] - hoteldruid <postponed> (Minor issue)
NOTE:
https://www.huyvo.net/post/cve-2025-25749-weak-password-policy-in-hoteldruid-3-0-7
CVE-2025-25748 (A CSRF vulnerability in the gestione_utenti.php endpoint of
HotelDruid ...)
- - hoteldruid <unfixed> (bug #1101015)
+ - hoteldruid 3.0.8-1 (bug #1101015)
[bookworm] - hoteldruid <no-dsa> (Minor issue)
[bullseye] - hoteldruid <postponed> (Minor issue)
NOTE:
https://www.huyvo.net/post/cve-2025-25748-cross-site-request-forgery-csrf-vulnerability-in-hoteldruid-3-0-7
CVE-2025-25747 (Cross Site Scripting vulnerability in DigitalDruid HotelDruid
v.3.0.7 ...)
- - hoteldruid <unfixed> (bug #1101015)
+ - hoteldruid 3.0.8-1 (bug #1101015)
[bookworm] - hoteldruid <no-dsa> (Minor issue)
[bullseye] - hoteldruid <postponed> (Minor issue)
NOTE:
https://www.huyvo.net/post/cve-2025-25747-reflected-xss-vulnerability-in-hoteldruid-3-0-7
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0719bfdb09998cfcc839033de1aad2c92f24a9f
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c0719bfdb09998cfcc839033de1aad2c92f24a9f
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
