4 matches found
WordPress Cross-Site Scripting Vulnerability (CNVD-2020-54948)
WordPress is a blogging platform developed using the PHP language, which supports the setting up of personal blog sites on servers with PHP and MySQL. It is widely used internationally and is compatible with self-developed plugins. Powerful and widely used.Ultimate Appointment Booking & Schedulin...
CVE-2020-24313
Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "AppointmentID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially...
CVE-2020-24313
Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "AppointmentID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially...
Ultimate Appointment Booking & Scheduling < 1.1.10 - Authenticated Cross-Site Scripting (XSS)
The Ultimate Appointment Booking & Scheduling WordPress plugin, versions 1.1.9 and older, were vulnerable to Authenticated Cross-Site Scripting XSS within multiple parameters...