6 matches found

RedhatCVE
added 2025/05/22 10:5 p.m. | 6 views

CVE-2022-0720

The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update others' bookings, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it...

CVSS 5.5 | AI score 6.3 | EPSS 0.00609
Exploits: 2 | References: 1
wpexploit
added 2024/03/27 12:0 a.m. | 168 views

Salon Booking System < 9.6.3 - Unauthenticated Stored XSS

Description: The plugin does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Customers' page and the malicious script is executed in the...

AI score 6 | EPSS 0.00631
Exploits: 2
Prion
added 2022/04/04 4:15 p.m. | 20 views

Information disclosure

The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update others' booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it...

CVSS 5.5 | AI score 5.3 | EPSS 0.00773
Exploits: 2 | References: 2 | Affected Software: 1
wpexploit
added 2022/03/14 12:0 a.m. | 113 views

Amelia < 1.0.49 - Customer+ Arbitrary Appointments Status Update

The plugin does not have proper authorisation when managing appointments, allowing any customer to update others' booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. 1. Make a booking to become customer ...

CVSS 5.5 | AI score 0.5 | EPSS 0.00773
Exploits: 2 | References: 1
WPVulnDB
added 2020/04/04 12:0 a.m. | 15 views

Online Hotel Booking System Pro <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)

An unauthenticated user can inject malicious JavaScript via the booking form, specifically in the new user details. The XSS payload is then executed when an authenticated administrator user views the booking on the Customer-booking page. PoC: Inject XSS via most fields in the booking form, which...

CVSS 4.3 | AI score 1.7 | EPSS 0.01167
Exploits: 2 | References: 2 | Affected Software: 1
wpexploit
added 2020/04/04 12:0 a.m. | 30 views

Online Hotel Booking System Pro <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)

An unauthenticated user can inject malicious JavaScript via the booking form, specifically in the new user details. The XSS payload is then executed when an authenticated administrator user views the booking on the Customer-booking page. Inject XSS via most fields in the booking form, which will...

CVSS 4.3 | AI score 0.7 | EPSS 0.01167
Exploits: 2 | References: 2