Lucene search
K

10 matches found

snyk
snyk
added 2026/02/25 7:29 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rendering of RSE metadata in the WebUI. An attacker can execute arbitrary JavaScript in the users' context by injecting malicious scripts into the City, CountryName, or ISP fields, which are then stored...

8.2CVSS5.9AI score0.00287EPSS
Exploits1References2
osv
osv
added 2023/12/07 7:15 a.m.3 views

CVE-2023-48839

Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...

5.4CVSS5.8AI score0.00419EPSS
Exploits1References2
attackerkb
attackerkb
added 2023/12/07 7:15 a.m.5 views

CVE-2023-48839

Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...

5.4CVSS6AI score0.00419EPSS
Exploits1References3
attackerkb
attackerkb
added 2023/12/07 7:15 a.m.3 views

CVE-2023-48836

Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...

5.4CVSS6AI score0.00465EPSS
Exploits2References3
osv
osv
added 2023/12/07 7:15 a.m.5 views

CVE-2023-48836

Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...

5.4CVSS5.8AI score0.00465EPSS
Exploits2References2
nvd
nvd
added 2023/12/07 7:15 a.m.22 views

CVE-2023-48828

Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...

5.4CVSS0.00465EPSS
Exploits2References2
attackerkb
attackerkb
added 2023/12/07 7:15 a.m.4 views

CVE-2023-48827

Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...

5.4CVSS6.1AI score0.00465EPSS
Exploits2References3
attackerkb
attackerkb
added 2023/12/07 7:15 a.m.3 views

CVE-2023-48828

Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting XSS issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...

5.4CVSS6AI score0.00465EPSS
Exploits2References3
prion
prion
added 2023/12/07 7:15 a.m.18 views

Input validation

Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, pluginsmsapikey, pluginsmscountrycode, calendarid, title, country name, or customername parameter...

4.9CVSS7.3AI score0.00465EPSS
Exploits2References2Affected Software1
ptsecurity
ptsecurity
added 2023/12/07 12:0 a.m.6 views

PT-2023-30982 · Unknown · Appointment Scheduler

Name of the Vulnerable Software and Affected Versions: Appointment Scheduler version 3.0 Description: The issue concerns Multiple Stored Cross-Site Scripting XSS problems. These issues can be exploited via several parameters, including name, plugin sms api key, plugin sms country code, calendar i...

5.4CVSS5.3AI score0.00419EPSS
Exploits1References5
Rows per page
Query Builder