3 matches found
CVE-2024-5584 WordPress Online Booking and Scheduling Plugin – Bookly <= 23.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Color Profile Parameter
The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-5584
CVE-2024-5584 : WordPress Bookly plugin (Bookly Online Booking and Scheduling) is vulnerable to a Stored XSS via the Color Profile parameter in all versions up to 23.2. Exploitation requires an authenticated attacker with staff/member role and Subscriber-level access or higher, enabling injection...
WordPress Bookly Plugin <= 23.2 is vulnerable to Cross Site Scripting (XSS)
Software Bookly Type Plugin Vulnerable versions = 23.2 Fixed in 23.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5584 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 6392bd62a07f Credits 0xBishop Required privilege...