3 matches found
CVE-2024-2603 Salon booking system <= 9.6.5 - Editor+ Stored XSS via Email Settings
The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin or editor depending on Salon booking system WordPress plugin through 9.6.5 configuration to perform Stored Cross-Site Scripting attacks...
CVE-2024-2603
CVE-2024-2603 affects the Salon booking system WordPress plugin (versions ≤ 9.6.5). The issue is due to incomplete sanitization/escaping of certain settings, enabling Stored XSS by high-privilege users (admin or editor, depending on configuration) even when unfiltered_html is disallowed (e.g., mu...
WordPress Salon booking system Plugin <= 9.6.5 is vulnerable to Cross Site Scripting (XSS)
Software Salon booking system Type Plugin Vulnerable versions = 9.6.5 Fixed in 9.6.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2603 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d3efd4f7767a Credits Bob Matyas Required...