3 matches found
CVE-2021-24673
The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24673
The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-24673
CVE-2021-24673 affects the WordPress Appointment Hour Booking plugin prior to v1.3.16. The vulnerability arises from insufficient escaping in Calendar Form settings, allowing authenticated high-privilege users to perform Stored Cross-Site Scripting (XSS) even when unfiltered_html is disallowed. I...