3 matches found
CVE-2022-1710
The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...
CVE-2022-1710 Appointment Hour Booking < 1.3.56 - Admin+ Stored Cross-Site Scripting
The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...
CVE-2022-1710
The CVE-2022-1710 entry concerns the WordPress Appointment Hour Booking plugin prior to version 1.3.56. The vulnerability arises from insufficient sanitization/escaping of the Calendar fields settings, enabling stored Cross-Site Scripting (XSS) by high-privilege users. Affected component: the plu...