Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar System versions prior to 1.5.11 allows a remote attacker to inject an arbitrary script via unspecified vectors.
References
Link | Resource |
---|---|
https://wordpress.org/plugins/booking-package/ | Product |
https://saasproject.net/ja/fixed/20211019.php | Vendor Advisory |
https://jvn.jp/en/jp/JVN68066589/index.html | Third Party Advisory |
Configurations
Information
Published : 2021-11-24 08:15
Updated : 2021-11-26 19:59
NVD link : CVE-2021-20840
Mitre link : CVE-2021-20840
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
saasproject
- booking_package