Salonbookingsystem

salonbookingsystem

22 CVEs • 1 product

Products (1)

CVEs (22)

Vendors: 1 (Salonbookingsystem)
Products: 1 (Salon Booking System)
Updated: Nov 21, 2024
Published: Apr 11, 2022
CVSS: N/A (v4), 5.3 MEDIUM (v3), 5.0 MEDIUM (v2)
Description: The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who booked it.

Vendors: 1 (Salonbookingsystem)
Products: 1 (Salon Booking System)
Updated: Nov 21, 2024
Published: Jul 12, 2021
CVSS: N/A (v4), 6.1 MEDIUM (v3), 4.3 MEDIUM (v2)
Description: The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The Payload will then be triggered when an admin visits the "Calendar" page and the malicious script is executed in the admin context.