Security Advisory

CVE-2021-37330

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-10-04 13:35:50

Last updated 2024-08-04 01:16:03

Assigner mitre

State PUBLISHED

Description

Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS). The Avatar upload in the My Profile section could be exploited to upload a malicious SVG file which contains Javascript. Now if another user/admin views the profile and clicks to view his avatar, an XSS will trigger.

← Browse all CVEs View on cve.org ↗