2 matches found
CVE-2024-5859
CVE-2024-5859 (vcita plugin for WordPress) is a Reflected XSS in the Online Booking & Scheduling Calendar for WordPress by vcita. Affected versions are all up to and including 4.4.2, due to insufficient input sanitization and output escaping in the d parameter. Unauthenticated users could inject ...
CVE-2024-5859 Appointment Booking and Online Scheduling <= 4.4.2 - Reflected Cross-Site Scripting
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘d’ parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for...