Lucene search
WPScanVULNRICHMENT:CVE-2024-2603HistoryApr 26, 2024 - 5:00 a.m.
CVE-2024-2603 Salon booking system <= 9.6.5 - Editor+ Stored XSS via Email Settings
2024-04-2605:00:03
WPScan
github.com
2
cve-2024-2603
salon booking system
wordpress plugin
stored xss
email settings
high privilege users
cross-site scripting
unfiltered_html capability
The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin (or editor depending on Salon booking system WordPress plugin through 9.6.5 configuration) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:salon_booking_system:salon_booking_system:9.6.6:*:*:*:*:*:*:*"
],
"vendor": "salon_booking_system",
"product": "salon_booking_system",
"versions": [
{
"status": "affected",
"version": "0"
}
],
"defaultStatus": "unknown"
}
]Related
cve
cve
CVE-2024-2603
2024-04-26 05:15:50
wpexploit
wpexploit
Salon booking system < 9.6.6 - Editor+ Stored XSS via Email Settings
2024-04-05 00:00:00
cvelist
cvelist
wpvulndb
wpvulndb
Salon booking system < 9.6.6 - Editor+ Stored XSS via Email Settings
2024-04-05 00:00:00
nvd
nvd
CVE-2024-2603
2024-04-26 05:15:50
wordfence
wordfence
AI Score
5.6
Confidence
High
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-2603