CVE-2026-52838
Affected software: Easy!Appointments (self-hosted appointment scheduler). Vulnerability: Stored XSS via the public booking page. An authenticated administrator can store HTML/JavaScript in the disable_booking_message setting (rich-text editor). The value is later passed directly to the public boo...