CVE-2020-9371
CVE-2020-9371
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/48204unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.htmlhttps://drive.google.com/open?id=1NNcYPaJir9SleyVr4cSPqpI2LNM7rtx9https://wordpress.org/plugins/appointment-booking-calendar/#developershttps://wpvulndb.com/vulnerabilities/10110https://www.hotdreamweaver.com/support/view.php?id=815925