Security Advisory

CVE-2020-24313

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-08-26 12:54:33

Last updated 2024-08-04 15:12:08

Assigner mitre

State PUBLISHED

Description

Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "Appointment_ID" GET parameter before echoing it back out inside an input tag. This results in a reflected XSS vulnerability that attackers can exploit with a specially crafted URL.

← Browse all CVEs View on cve.org ↗