Lucene search
+L

31 matches found

prion
prion
added 2023/04/07 9:15 a.m.18 views

Cross site scripting

Auth. admin+ Cross-Site Scripting XSS vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar plugin = 2.0.18 versions...

4.3CVSS4.9AI score0.00394EPSS
Exploits0References1Affected Software1
cve
cve
added 2023/04/07 8:48 a.m.44 views

CVE-2023-24402

CVE-2023-24402 affects the WordPress WP Booking System – Booking Calendar plugin for Veribo, with versions

5.9CVSS4.9AI score0.00394EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2022/01/17 1:15 p.m.24 views

CVE-2021-25061

The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected xss in wp-booking-system on the wpbs-calendars admin page...

5.4CVSS0.00675EPSS
Exploits2References2
cvelist
cvelist
added 2022/01/17 1:0 p.m.30 views

CVE-2021-25061 WP Booking System – Booking Calendar < 2.0.15 - Authenticated Reflected Cross-Site Scripting (XSS)

The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected xss in wp-booking-system on the wpbs-calendars admin page...

5.7AI score0.00675EPSS
Exploits2References2
cve
cve
added 2022/01/17 1:0 p.m.53 views

CVE-2021-25061

CVE-2021-25061: WordPress WP Booking System plugin before 2.0.15 suffers a reflected XSS on the wpbs-calendars admin page. The vulnerability is authenticated (requires user login) and can execute JavaScript in the context of the affected site. Evidence across multiple sources confirms the flaw an...

5.4CVSS5.4AI score0.00675EPSS
Exploits2References2Affected Software1
wpvulndb
wpvulndb
added 2019/05/22 12:0 a.m.20 views

WP Booking System <= 1.5.1.1 - CSRF to Authenticated SQL Injection

According to the original researcher, no CSRF nonces were present and therefore could be exploited by chaining with the CSRF issue...

6.5CVSS2.3AI score0.00911EPSS
Exploits1References2Affected Software1
cve
cve
added 2019/05/20 7:38 p.m.78 views

CVE-2019-12239

The CVE-2019-12239 entry concerns the WordPress WP Booking System plugin (version 1.5.1) with a lack of CSRF protection, which allows reaching SQL injection issues that require administrative access. Connected documents confirm this vulnerability and its remediation guidance, e.g., Patchstack and...

7.2CVSS7.4AI score0.00911EPSS
Exploits1References3Affected Software1
nvd
nvd
added 2017/05/22 4:29 p.m.11 views

CVE-2017-2168

Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS6AI score0.01379EPSS
Exploits0References4
cvelist
cvelist
added 2017/05/22 4:0 p.m.21 views

CVE-2017-2168

Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6AI score0.01379EPSS
Exploits0References4
cve
cve
added 2017/05/22 4:0 p.m.49 views

CVE-2017-2168

The CVE-2017-2168 entry maps to the WordPress plugin WP Booking System. A stored cross-site scripting (XSS) vulnerability exists in WP Booking System Free versions prior to 1.4 and Premium versions prior to 3.7, allowing remote attackers to inject arbitrary scripts via unspecified vectors. Impact...

6.1CVSS5.9AI score0.01379EPSS
Exploits0References4Affected Software1
wpvulndb
wpvulndb
added 2017/05/16 12:0 a.m.15 views

WP Booking System <= 1.3.3 - Authenticated Stored Cross-Site Scripting (XSS)

The WP Booking System – Booking Calendar WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting XSS security vulnerability...

4.3CVSS1.9AI score0.01379EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder