4 matches found
WordPress Salon Booking System plugin < 10.9.4 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Salon booking system versions 10.9.4...
CVE-2024-9882 Salon Booking System < 10.9.4 - Admin+ Stored XSS
The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml...
CVE-2024-9882 Salon Booking System < 10.9.4 - Admin+ Stored XSS
The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses WordPress plugin before 1.9.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml...
CVE-2024-9882
The CVE applies to the WordPress plugin Salon Booking System (versions prior to 1.9.4). Root cause: insufficient sanitisation/escaping of certain settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite setups). Impact: sto...