CVE-2024-2603

MEDIUM Year: 2024
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin (or editor depending on Salon booking system WordPress plugin through 9.6.5 configuration) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Related Vulnerabilities

CVE-2018-15641

MEDIUM
CVSS:6.3(Medium)

Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 through 14.0 and Odoo Enterprise 11.0 through 14.0, allows remote authenticated internal users to inject arbitrary web script in t...

CWE-792018

CVE-2018-21155

MEDIUM
CVSS:6.3(Medium)

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.52, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0....

CWE-792018

CVE-2018-6495

MEDIUM
CVSS:6.3(Medium)

Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser...

CWE-792018

CVE-2020-13965

MEDIUM
CVSS:6.3(Medium)

An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.

CWE-792020

CVE-2020-36085

MEDIUM
CVSS:6.3(Medium)

Stored Cross Site Scripting(XSS) vulnerability in Egavilan Media Resumes Management and Job Application Website 1.0 allows remote attackers to inject arbitrary code via First and Last Name in Apply Fo...

CWE-792020

CVE-2020-7747

MEDIUM
CVSS:6.3(Medium)

This affects all versions of package lightning-server. It is possible to inject malicious JavaScript code as part of a session controller.

CWE-792020