CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24712 – Appointment Hour Booking – WordPress Booking Plugin < 1.3.17 - Authenticated Stored XSS
https://notcve.org/view.php?id=CVE-2021-24712
The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars. El plugin Appointment Hour Booking de WordPress versiones anteriores a 1.3.17, no sanea correctamente los valores usados cuando se crean nuevos calendarios • https://wpscan.com/vulnerability/e677e51b-0d3f-44a5-9fcd-c159786b9926 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24673 – Appointment Hour Booking < 1.3.16 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24673
The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. El plugin Appointment Hour Booking de WordPress versiones anteriores a 1.3.16, no escapa a algunos de los ajustes del formulario del calendario, que permite a usuarios con privilegios elevados llevar a cabo ataques de tipo Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no está permitida • https://wpscan.com/vulnerability/75a67932-d831-4dfb-a70d-a07650eaa755 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-13505 – Appointment Hour Booking – WordPress Booking Plugin <= 1.1.45 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-13505
The Appointment Hour Booking plugin 1.1.44 for WordPress allows XSS via the E-mail field, as demonstrated by email_1. El plugin Appointment Hour Booking versión 1.1.44 para WordPress, permite una vulnerabilidad de tipo XSS por medio del campo E-mail, como es demostrado por email_1. • https://github.com/ivoschyk-cs/CVE-s/blob/master/Appointment%20Hour%20Booking%20%E2%80%93%20WordPress%20Booking%20Plugin%20--%20stored%20XSS https://wordpress.org/plugins/appointment-hour-booking/#developers https://wpvulndb.com/vulnerabilities/9458 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •