Codepeople - Appointment Booking Calendar CVE

Filtered by vendor Codepeople Subscribe

Filtered by product Appointment Booking Calendar

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-9371	1 Codepeople	1 Appointment Booking Calendar	2020-03-12	3.5 LOW	4.8 MEDIUM
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.
CVE-2019-14791	1 Codepeople	1 Appointment Booking Calendar	2019-08-14	4.3 MEDIUM	6.1 MEDIUM
The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter.

Vulnerabilities (CVE)