wpexploit, Iohex, WPEX-ID:F06629B5-8B15-48EB-A7A7-78B693E06B71
Mar 30, 2021 - 12:00 a.m.

Advanced Booking Calendar < 1.6.8 - Authenticated Reflected Cross-Site Scripting (XSS)

2021-03-30 00:00:00
iohex
EPSS: 0.001 (Low), percentile 24.8%

The plugin does not sanitise the license error message when it is output on the settings page, leading to an authenticated reflected Cross-Site Scripting issue.

https://plugins.trac.wordpress.org/browser/advanced-booking-calendar/tags/1.6.7/backend/settings.php#L550

/wp-admin/admin.php?page=advanced-booking-calendar-show-settings&setting=licenseKeyError&message=<script>alert(123)</script>
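
The pattern described above, as an added example beside its hardened form; this is not the plugin's code (the source behind the Trac link is not reproduced on this page). The `abc_*` function names and the notice markup are hypothetical, and the two shims are stand-ins so the file also runs under plain PHP outside WordPress.

```php
<?php
// Added illustration, not the plugin's source. abc_* names are hypothetical.

// Stand-ins for running outside WordPress; inside WordPress the real
// esc_html() and wp_unslash() are already defined and these are skipped.
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    }
}
if (!function_exists('wp_unslash')) {
    function wp_unslash($value) {
        return is_string($value) ? stripslashes($value) : $value;
    }
}

// Vulnerable pattern: the "message" parameter is written into the
// settings page unchanged, so markup in the URL becomes markup in the page.
function abc_license_notice_unsafe(array $query) {
    if (($query['setting'] ?? '') !== 'licenseKeyError') {
        return '';
    }
    return '<div class="error"><p>' . ($query['message'] ?? '') . '</p></div>';
}

// Hardened pattern: reject non-string input and escape at the point of output.
function abc_license_notice_safe(array $query) {
    if (($query['setting'] ?? '') !== 'licenseKeyError') {
        return '';
    }
    $message = wp_unslash($query['message'] ?? '');
    if (!is_string($message)) { // e.g. ?message[]=x arrives as an array
        return '';
    }
    return '<div class="error"><p>' . esc_html($message) . '</p></div>';
}

// Constructed request parameters mirroring the request shown on this page.
$query = array(
    'setting' => 'licenseKeyError',
    'message' => '<script>alert(123)</script>',
);
echo abc_license_notice_unsafe($query), "\n"; // markup passes through intact
echo abc_license_notice_safe($query), "\n";   // markup is entity-encoded
```

Where the set of license errors is fixed, mapping an error code from the request to a server-side string avoids reflecting request text at all.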
