Stored XSS exists in the Appointment Booking Calendar plugin prior to 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow malicious users to inject arbitrary JavaScript or HTML.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
codepeople appointment booking calendar |