HotelDruid XSS

HotelDruid is an enterprise HR management system used by some organizations. This vulnerability allows attackers to inject malicious scripts into the application's /modifica_app.php file, potentially leading to unauthorized access and data theft.

Specific version info not stated in the advisory. If you don't recognise this software, you're probably not affected.

1. Upgrade to HotelDruid v3.0.8 or later from the official website: https://www.hoteldruid.com/en/download.html.
2. If an immediate upgrade isn't possible, apply the following mitigations:
   • Restrict network access to your HotelDruid instance (firewall it from the public internet).
   • Audit admin account activity for suspicious access patterns.
   • Monitor for unauthorized token creation.

• www.hoteldruid.com
• www.partywave.site