MEDIUM🇬🇧 English

CVE-2022-1710

CVSS 4.8v3.1pub. 2022-06-13upd. 2024-11-21

The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
  • Dwbooster Appointment Hour Booking

    APP
    Dwbooster
    < 1.3.56
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2022-4035HIGH7.2ten sam produkt

The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general...

CVE-2022-4034MEDIUM5.8ten sam produkt

The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and includ...

CVE-2022-4036MEDIUM5.3ten sam produkt

The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and inclu...

CVE-2022-41692MEDIUM4.3ten sam produkt

Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress.

CVE-2021-24712MEDIUM5.4ten sam produkt

The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creati...