Medium severity4.8NVD Advisory· Published Mar 4, 2020· Updated Jun 17, 2026
CVE-2020-9371
CVE-2020-9371
Description
Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Appointment Booking Calendardescription
- Range: <1.3.35
Patches
Vulnerability mechanics
References
5- packetstormsecurity.com/files/156694/WordPress-Appointment-Booking-Calendar-1.3.34-CSV-Injection.htmlnvdExploitThird Party AdvisoryVDB Entry
- drive.google.com/opennvdExploitThird Party Advisory
- wordpress.org/plugins/appointment-booking-calendar/nvdRelease NotesThird Party Advisory
- wpvulndb.com/vulnerabilities/10110nvdThird Party Advisory
- www.hotdreamweaver.com/support/view.phpnvdPermissions RequiredThird Party Advisory
News mentions
0No linked articles in our index yet.