← volver
CVE-2021-24225

Advanced Booking Calendar < 1.6.7 - Authenticated Reflected Cross-Site Scripting (XSS)

EPSS 0.7%CWE-79
The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sanitise the calId GET parameter in the "Seasons & Calendars" page before outputing it in an A tag, leading to a reflected XSS issue
Productos afectados
Unknown · Advanced Booking Calendar

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://plugins.trac.wordpress.org/changeset/2503971/https://wpscan.com/vulnerability/25ca8af5-ab48-4e6d-b2ef-fc291742f1d5