47 matches found
CVE-2026-52838
Affected software: Easy!Appointments (self-hosted appointment scheduler). Vulnerability: Stored XSS via the public booking page. An authenticated administrator can store HTML/JavaScript in the disable_booking_message setting (rich-text editor). The value is later passed directly to the public boo...
CVE-2026-52838 Easy!Appointments disable_booking_message rendered as raw HTML on public booking page — Stored XSS
Easy!Appointments is a self hosted appointment scheduler. Versions prior to 1.6.0 allow administrators to define a custom "booking disabled" message through the booking settings page. That value is stored in the disablebookingmessage setting via a rich-text editor and later passed directly to the...
CVE-2017-20243
WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the spaceid parameter. Attackers can send GET requests to the booking-page endpoint with...
EUVD-2017-18969
WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the spaceid parameter. Attackers can send GET requests to the booking-page endpoint with...
CVE-2017-20243
CVE-2017-20243 concerns the WordPress Car Park Booking Plugin. The initial report states a time-based SQL injection vulnerability in the plugin (version cited as of 17 Oct 2017) that allows unauthenticated attackers to manipulate database queries via the space_id parameter. By sending crafted GET...
WordPress plugin Car Park Booking Plugin 13 October SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2026-6376
A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user...
CVE-2026-7089
CVE-2026-7089 affects code-projects Home Service System 1.0. The vulnerability targets the Appointment Booking component, specifically the /booking.php file, where manipulation of the fname/lname parameters enables cross-site scripting. The description notes remote initiation and publicly disclos...
CVE-2026-6376
A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This results in exposure of extensive personal, travel, and booking metadata to any unauthenticated user...
PT-2026-34750
Name of the Vulnerable Software and Affected Versions SpiceJet public booking retrieval page affected versions not specified Description Improper access control on a sensitive data retrieval function in the public booking retrieval page allows unauthenticated users to access full passenger bookin...
CVE-2026-36923
Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/viewbooking.php...
CVE-2026-36923
CVE-2026-36923 affects Sourcecodester Cab Management System 1.0. The vulnerable component is /cms/admin/bookings/view_booking.php and is caused by an SQL Injection condition in that file. CVSS v3.1 base score is 2.7 (LOW) with network attack vector, high privileges required, no user interaction, ...
PT-2026-27308
Name of the Vulnerable Software and Affected Versions projectworlds Lawyer Management System version 1.0 Description A flaw exists in projectworlds Lawyer Management System 1.0. The issue is related to cross site scripting, triggered by manipulating the Description argument in the /lawyer...
Exploit for Cross-site Scripting in Phpgurukul Doctor_Appointment_Management_System
CVE-2025-45805 Poc Of CVE-2025-45805 Affected Product: Doctor...
CVE-2025-63450
Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting XSS in /carlux/booking.php...
CVE-2025-63450
CVE-2025-63450 affects Car-Booking-System-PHP v1.0 with a Cross-Site Scripting (XSS) vulnerability in /carlux/booking.php. The Red Hat, EUVD, CIRCL, NVD, and CVE records corroborate an XSS issue; however, the exact vulnerable parameter is not consistently specified across sources. Exploitation st...
CVE-2025-63450
Car-Booking-System-PHP v.1.0 is vulnerable to Cross Site Scripting XSS in /carlux/booking.php...
CVE-2025-11662 SourceCodester Best Salon Management System booking.php sql injection
A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. Impacted is an unknown function of the file /booking.php. The manipulation of the argument servid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the...
PT-2025-41753
Name of the Vulnerable Software and Affected Versions SourceCodester Best Salon Management System version 1.0 Description A security flaw exists in SourceCodester Best Salon Management System 1.0. The issue is a SQL injection impacting an unknown function within the /booking.php file. The serv id...
CVE-2025-11474
A vulnerability was found in SourceCodester Hotel and Lodge Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /editbooking.php. Performing manipulation of the argument Name results in sql injection. The attack can be initiated remotely. The exploit has...