2 matches found
CVE-2021-24429
The CVE-2021-24429 entry concerns the WordPress Salon Booking System plugin (versions
CVE-2021-24429 Salon Booking System < 6.3.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting XSS vulnerability. The Payload will th...