8 matches found
CVE-2026-1856
The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-1856 Appointment Booking Calendar <= 1.4.4 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Booking Field Label
The Appointment Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom booking field labels in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-6320
The CVE concerns the Salon Booking System – Free Version WordPress plugin. Affected component: the booking flow and email attachment handling in versions up to and including 10.30.25. Root cause: attacker-controlled file-field values are stored and later treated as trusted paths for email attachm...
Hostel Management System Cross-Site Scripting Vulnerability
Hostel Management System is a hostel management system. Hostel Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the search booking field, which can be exploited to execute arbitrary Web script...
CVE-2023-36939
Cross-Site Scripting XSS vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the search booking field...
CVE-2023-36939
Cross-Site Scripting XSS vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the search booking field...
Cross site scripting
Cross-Site Scripting XSS vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the search booking field...
CVE-2023-36939
Cross-Site Scripting XSS vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the search booking field...