2 matches found
CVE-2022-1932 Rezgo Online Booking < 4.1.8 - Reflected Cross-Site-Scripting
The Rezgo Online Booking WordPress plugin before 4.1.8 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be exploited either via a LFI in an AJAX action, or direct call to the affected file...
CVE-2022-1932
The CVE-2022-1932 entry concerns the Rezgo Online Booking WordPress plugin, prior to version 4.1.8, which fails to sanitize and escape certain parameters when outputting them to a page. This leads to a Reflected Cross-Site Scripting (XSS) vulnerability that can be triggered via a Local File Inclu...