CVE-2023-23012

2023-01-2000:00:00

mitre

www.cve.org

cross site scripting

vulnerability

classroombookings 2.6.4

execute arbitrary code

input bgcol

file weeks.php

0.001 Low

EPSS

Percentile

32.8%

JSON

Cross Site Scripting (XSS) vulnerability in craigrodway classroombookings 2.6.4 allows attackers to execute arbitrary code or other unspecified impacts via the input bgcol in file Weeks.php.

References

gist.github.com/enferas/bd8ec37999c216eceabd6b80d5a95f94

github.com/craigrodway/classroombookings/issues/52

0.001 Low

EPSS

Percentile

32.8%

JSON

Related for CVELIST:CVE-2023-23012