Lucene search
WPScanVULNRICHMENT:CVE-2024-2101HistoryApr 17, 2024 - 5:00 a.m.
CVE-2024-2101 WordPress Plugin Salon Booking System < 9.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS)
2024-04-1705:00:02
WPScan
github.com
1
wordpress
plugin
salon booking system
unauthenticated
stored
cross-site scripting
xss
admin
customers
appointment
mobile phone
sanitize
escape
attack
The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the ‘Mobile Phone’ field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the ‘Customers’ page and the malicious script is executed in the admin context.
CNA Affected
[
{
"vendor": "Unknown",
"product": "Salon booking system",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "9.6.3"
}
],
"defaultStatus": "unaffected"
}
]Related
wpvulndb
wpvulndb
Salon Booking System < 9.6.3 - Unauthenticated Stored XSS
2024-03-27 00:00:00
cvelist
cvelist
wpexploit
wpexploit
Salon Booking System < 9.6.3 - Unauthenticated Stored XSS
2024-03-27 00:00:00
cve
cve
CVE-2024-2101
2024-04-17 05:15:48
nvd
nvd
CVE-2024-2101
2024-04-17 05:15:48
wordfence
wordfence
5.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.1%
Related for VULNRICHMENT:CVE-2024-2101