CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25040 – Booking Calendar < 8.9.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-25040
The Booking Calendar WordPress plugin before 8.9.2 does not sanitise and escape the booking_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting El plugin Booking Calendar de WordPress versiones anteriores a 8.9.2, no sanea y escapa del parámetro booking_type antes de devolverlo a una página de administración, conllevando a un problema de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/3ed821a6-c3e2-4964-86f8-d14c4a54708a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-5673 – Booking calendar, Appointment Booking System <= 2.1.7 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-5673
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. CSRF exists via wp-admin/admin.php. Se ha descubierto un problema en el plugin booking-calendar 2.1.7 para WordPress. Existe CSRF mediante wp-admin/admin.php. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/booking-calendar.md https://wpvulndb.com/vulnerabilities/9012 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-5672 – Booking calendar, Appointment Booking System <= 2.1.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-5672
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php form_field5[label] parameter. Se ha descubierto un problema en el plugin booking-calendar 2.1.7 para WordPress. Existe XSS mediante el parámetro form_field5[label] en wp-admin/admin.php. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/booking-calendar.md https://wpvulndb.com/vulnerabilities/9012 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-5671 – Booking calendar, Appointment Booking System <= 2.1.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-5671
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php extra_field1[items][field_item1][price_percent] parameter. Se ha descubierto un problema en el plugin booking-calendar 2.1.7 para WordPress. Existe XSS mediante el parámetro extra_field1[items][field_item1][price_percent] en wp-admin/admin.php. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/booking-calendar.md https://wpvulndb.com/vulnerabilities/9012 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-5670 – Booking calendar, Appointment Booking System <= 2.1.7 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-5670
An issue was discovered in the booking-calendar plugin 2.1.7 for WordPress. XSS exists via the wp-admin/admin.php sale_conditions[count][] parameter. Se ha descubierto un problema en el plugin booking-calendar 2.1.7 para WordPress. Existe XSS mediante el parámetro sale_conditions[count][] en wp-admin/admin.php. • https://github.com/d4wner/Vulnerabilities-Report/blob/master/booking-calendar.md https://wpvulndb.com/vulnerabilities/9012 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •