518 matches found
Easy!Appointments uses hard-coded credentials
Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments 1.4.3 and prior. A patch is available and anticipated to be part of version 1.5.0...
Easy!Appointments trust management issue vulnerability
Easy!Appointments is a web-based appointment and schedule management system. A trust management vulnerability exists in versions prior to Easy!Appointments 1.5.0, which stems from the software's use of hard-coded credentials...
CVE-2022-4668
The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
Cross site scripting
The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-4668 Easy Appointments < 3.11.2 - Contributor+ Stored XSS in Shortcode
The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-4668
CVE-2022-4668 affects the Easy Appointments WordPress plugin (versions before 3.11.2). The issue is that shortcode attributes are not validated/escaped before output, enabling Stored Cross‑Site Scripting by users with as little as a contributor role against high‑privilege users (e.g., admins). A PoC e...
WordPress plugin The Easy Appointments cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2023-14989 · WordPress · Easyappointments
Name of the Vulnerable Software and Affected Versions: Easy Appointments WordPress plugin versions prior to 3.11.2 Description: The issue concerns a lack of validation and escaping of some shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site...
Cross-site Scripting (XSS)
innologi/typo3-appointments is vulnerable to cross-site scripting XSS attacks. The library does not properly escape the special characters before it outputs to the front-end, allowing an attacker to inject and execute malicious JavaScript via various formfield values...
typo3-appointments vulnerable to Cross-site Scripting
A vulnerability, which was classified as problematic, was found in innologi appointments Extension up to 2.0.5. This affects an unknown part of the component Appointment Handler. The manipulation of the argument formfield leads to cross site scripting. It is possible to initiate the attack...
CVE-2019-25094
A vulnerability, which was classified as problematic, was found in innologi appointments Extension up to 2.0.5 on TYPO3. This affects an unknown part of the component Appointment Handler. The manipulation of the argument formfield leads to cross site scripting. It is possible to initiate the atta...
Cross site scripting
A vulnerability, which was classified as problematic, was found in innologi appointments Extension up to 2.0.5 on TYPO3. This affects an unknown part of the component Appointment Handler. The manipulation of the argument formfield leads to cross site scripting. It is possible to initiate the atta...
CVE-2019-25094 innologi appointments Extension Appointment cross site scripting
A vulnerability, which was classified as problematic, was found in innologi appointments Extension up to 2.0.5 on TYPO3. This affects an unknown part of the component Appointment Handler. The manipulation of the argument formfield leads to cross site scripting. It is possible to initiate the atta...
typo3-appointments cross-site scripting vulnerability
typo3-appointments is an extension for Frenck Lutke Personal Developer. It can handle appointments for multiple schedules, for different appointment types, and has sophisticated time-based criteria. A cross-site scripting vulnerability exists in typo3-appointments versions prior to 2.0.6, which...
PT-2023-11352 · Unknown · Innologi Appointments Extension
Name of the Vulnerable Software and Affected Versions: innologi appointments Extension versions up to 2.0.5 Description: A problematic vulnerability was found in the innologi appointments Extension, affecting an unknown part of the component Appointment Handler. The manipulation of the formfield...
Easy Appointments < 3.11.2 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...
Easy Appointments < 3.11.2 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC Exploit...