Unrated severity · NVD Advisory · Published Jul 12, 2021 · Updated Aug 3, 2024
Salon Booking System < 6.3.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
CVE-2021-24429
Description
The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low-privilege users such as subscribers to inject JavaScript into it, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The payload is then triggered when an admin visits the "Calendar" page, and the malicious script executes in the admin context.
Affected products (2)
- Range: <6.3.1
- Salon Booking System/Salon booking system · v5 · Range: 6.3.1
References (1)
- wpscan.com/vulnerability/e922b788-7da5-43b4-9b05-839c8610252a (mitre, x_refsource_CONFIRM)