Lucene search

K
SalonbookingsystemSalon Booking System

5 matches found

CVE
CVE
added 2024/04/17 5:15 a.m.76 views

CVE-2024-2102

The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field and 'sms_prefix' parameter when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Booki...

4.7CVSS8AI score0.00222EPSS
CVE
CVE
added 2024/04/26 5:15 a.m.75 views

CVE-2024-2439

The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8CVSS7.6AI score0.00159EPSS
CVE
CVE
added 2024/04/17 5:15 a.m.69 views

CVE-2024-2101

The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Customers' page and the maliciou...

5.7CVSS8AI score0.0049EPSS
CVE
CVE
added 2024/04/26 5:15 a.m.67 views

CVE-2024-2429

The Salon booking system WordPress plugin through 9.6.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

4.3CVSS6.6AI score0.00178EPSS
CVE
CVE
added 2024/04/26 5:15 a.m.62 views

CVE-2024-2603

The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin (or editor depending on Salon booking system WordPress plugin through 9.6.5 configuration) to perform Stored Cross-Site Scripting attacks e...

6.3CVSS7.6AI score0.00127EPSS