Lucene search
WPScanCVELIST:CVE-2024-2101HistoryApr 17, 2024 - 5:00 a.m.
CVE-2024-2101 WordPress Plugin Salon Booking System < 9.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS)
2024-04-1705:00:02
WPScan
www.cve.org
2
wordpress
salon booking system
unauthenticated
stored cross-site scripting
mobile phone
customers
admin context
The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the ‘Mobile Phone’ field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the ‘Customers’ page and the malicious script is executed in the admin context.
CNA Affected
[
{
"vendor": "Unknown",
"product": "Salon booking system",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "9.6.3"
}
],
"defaultStatus": "unaffected"
}
]Related
wpvulndb
wpvulndb
Salon Booking System < 9.6.3 - Unauthenticated Stored XSS
2024-03-27 00:00:00
vulnrichment
vulnrichment
nvd
nvd
CVE-2024-2101
2024-04-17 05:15:48
wpexploit
wpexploit
Salon Booking System < 9.6.3 - Unauthenticated Stored XSS
2024-03-27 00:00:00
cve
cve
CVE-2024-2101
2024-04-17 05:15:48
wordfence
wordfence