Lucene search
K

4 matches found

Patchstack
Patchstack
added 2025/05/19 4:2 a.m.4 views

WordPress Salon Booking System plugin < 10.9.4 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Salon booking system versions 10.9.4...

4.8CVSS6AI score0.00222EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/05/15 8:7 p.m.15 views

CVE-2024-9882 Salon Booking System < 10.9.4 - Admin+ Stored XSS

The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml...

0.00222EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.8 views

CVE-2024-9882 Salon Booking System < 10.9.4 - Admin+ Stored XSS

The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml...

5.9AI score0.00222EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:7 p.m.29 views

CVE-2024-9882

The CVE applies to the WordPress plugin Salon Booking System (versions prior to 1.9.4). Root cause: insufficient sanitisation/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite setups). Impact: sto...

4.8CVSS5.7AI score0.00222EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder