Description

The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The Payload will then be triggered when an admin visits the "Calendar" page and the malicious script is executed in the admin context.

Related CPE's

a

salonbookingsystem

salon_booking_system

*

*

*

*

*

wordpress

Vulnerable

References

https://wpscan.com/vulnerability/e922b788-7da5-43b4-9b05-839c8610252a

ExploitThird Party Advisory

https://wpscan.com/vulnerability/e922b788-7da5-43b4-9b05-839c8610252a

ExploitThird Party Advisory

Weaknesses

[email protected]

Secondary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-07-12T18:15:09.410Z

4 years ago

Last modified

2024-11-21T04:53:03.357Z

1 year ago