2 matches found
Cross-site Scripting (XSS)
innologi/typo3-appointments is vulnerable to cross-site scripting XSS attacks. The library does not properly escape the special characters before it outputs to the front-end, allowing an attacker to inject and execute malicious JavaScript via various formfield values...
typo3-appointments 跨站脚本漏洞
typo3-appointments is an extension for Frenck Lutke Personal Developer. It can handle appointments for multiple schedules, for different appointment types, and has sophisticated time-based criteria. A cross-site scripting vulnerability exists in typo3-appointments versions prior to 2.0.6, which...