Описание
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-9371
- https://drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9
- https://wordpress.org/plugins/appointment-booking-calendar/#developers
- https://wpvulndb.com/vulnerabilities/10110
- https://www.hotdreamweaver.com/support/view.php?id=815925
- http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.html
Связанные уязвимости
CVSS3: 4.8
nvd
почти 6 лет назад
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.