CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30496 – WordPress Bus Ticket Booking with Seat Reservation Plugin <= 5.2.5 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-30496
13 Nov 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MagePeople Team WpBusTicketly plugin <= 5.2.5 versions. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en el complemento MagePeople Team WpBusTicketly en versiones <= 5.2.5. The Bus Ticket Booking with Seat Reservation – WpBusTicketly | WordPress plugin plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to... • https://patchstack.com/database/vulnerability/bus-ticket-booking-with-seat-reservation/wordpress-bus-ticket-booking-with-seat-reservation-plugin-5-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4067 – Bus Ticket Booking with Seat Reservation <= 5.2.3 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2023-4067
01 Aug 2023 — The Bus Ticket Booking with Seat Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab_date' and 'tab_date_r' parameters in versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2945247%40bus-ticket-booking-with-seat-reservation&new=2945247%40bus-ticket-booking-with-seat-reservation&sfp_email=&sfph_mail= • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •