Vendor

Booking Calendar Project

Products

CVEs

Across products

Status

Private

Products

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2017-2151	Med	0.40	6.1	0.00		Apr 28, 2017	Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-2150	Med	0.35	5.3	0.01		Apr 28, 2017	Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter.

CVE-2017-2151MedApr 28, 2017
risk 0.40cvss 6.1epss 0.00
Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-2150MedApr 28, 2017
risk 0.35cvss 5.3epss 0.01
Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter.