Описание
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
- Permissions RequiredThird Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- Release NotesThird Party Advisory
- Third Party Advisory
- Permissions RequiredThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.3.35 (исключая)
cpe:2.3:a:codepeople:appointment_booking_calendar:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 72%
0.00738
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 4.8
github
больше 3 лет назад
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.
EPSS
Процентиль: 72%
0.00738
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79