Description

The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The Payload will then be triggered when an admin visits the "Calendar" page and the malicious script is executed in the admin context.

Related CPE's

a

salonbookingsystem

salon_booking_system

*

*

*

*

*

wordpress

Vulnerable

References

https://wpscan.com/vulnerability/e922b788-7da5-43b4-9b05-839c8610252a

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-07-12T20:15:09.410

3 years ago

Last modified

2021-07-15T15:20:34.673

3 years ago