2 matches found
CVE-2024-8797
The WP Booking System – Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.19.8. This makes it possible for unauthenticated attackers...
WordPress WP Booking System Plugin <= 2.0.19.8 is vulnerable to Cross Site Scripting (XSS)
Software WP Booking System Type Plugin Vulnerable versions = 2.0.19.8 Fixed in 2.0.19.9 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8797 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID c8bb40c2d8e4 Credits vgo0...