Lucene search
WPScanCVELIST:CVE-2024-2102HistoryApr 17, 2024 - 5:00 a.m.
CVE-2024-2102 Salon booking system < 9.6.3 - Unauthenticated Stored XSS
2024-04-1705:00:02
WPScan
www.cve.org
cve-2024-2102
salon booking system
unauthenticated stored xss
wordpress plugin
stored cross-site scripting
The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the ‘Mobile Phone’ field and ‘sms_prefix’ parameter when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the ‘Bookings’ page and the malicious script is executed in the admin context.
CNA Affected
[
{
"vendor": "Unknown",
"product": "Salon booking system",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "9.6.3"
}
],
"defaultStatus": "unaffected"
}
]Related
nvd
nvd
CVE-2024-2102
2024-04-17 05:15:48
cve
cve
CVE-2024-2102
2024-04-17 05:15:48
wpexploit
wpexploit
Salon booking system < 9.6.3 - Unauthenticated Stored XSS
2024-03-27 00:00:00
wpvulndb
wpvulndb
Salon booking system < 9.6.3 - Unauthenticated Stored XSS
2024-03-27 00:00:00
wordfence
wordfence