DigitalDruid HotelDruid Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in DigitalDruid HotelDruid version 3.0.7. This issue allows an attacker to execute arbitrary code and access sensitive information by exploiting the ripristina_backup parameter in the crea_backup.php endpoint. The vulnerability requires a valid authenticated session to be exploited.

Impact

Exploitation of this vulnerability allows for the execution of injected JavaScript in the context of the victim user, potentially leading to session hijacking, phishing, malware delivery, or abuse of administrative privileges.

Reproduction

To reproduce this vulnerability, an authenticated user must be tricked into clicking a crafted URL that includes a payload in the ripristina_backup parameter. This can be done by sending the URL via email or through a messaging platform. Once the user clicks the link, the injected script will execute in their browser.

Remediation

Developers are advised to validate all user input on the server side, properly encode output before rendering, implement a strict Content Security Policy, and manage sessions securely by using cookies with HttpOnly and SameSite flags.