Описание
Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "Appointment_ID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL.
Ссылки
- ProductThird Party Advisory
- ExploitThird Party AdvisoryURL Repurposed
- ProductThird Party Advisory
- ExploitThird Party AdvisoryURL Repurposed
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.9 (включая)
cpe:2.3:a:etoilewebdesign:ultimate_appointment_booking_\&_scheduling:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 50%
0.00264
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "Appointment_ID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL.
EPSS
Процентиль: 50%
0.00264
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79