RSS   Vulnerabilities for
'Ultimate appointment booking \& scheduling'
   RSS

2020-08-26
 
CVE-2020-24313

CWE-79
 

 
Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "Appointment_ID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL.

 

 >>> Vendor: Etoilewebdesign 4 Products
Ultimate product catalog
Ultimate faq
Ultimate appointment booking \& scheduling
Ultimate reviews


Copyright 2024, cxsecurity.com

 

Back to Top