2 matches found
CVE-2021-24930 Bookly < 20.3.1 - Staff Member Stored Cross-Site Scripting
The WordPress Online Booking and Scheduling Plugin WordPress plugin before 20.3.1 does not escape the Staff Full Name field before outputting it back in a page, which could lead to a Stored Cross-Site Scripting issue...
CVE-2021-24930
The CVE-2021-24930 relates to the WordPress Bookly/Booking plugin (Bookly) for WordPress, affected in versions up to 20.3.0. The root cause is failure to escape the Staff Full Name field before output, causing a Stored Cross-Site Scripting (XSS) vulnerability. The NVD data indicates a CVSSv3.1 ba...