CVE-2021-24299

Published: 17/05/2021 Updated: 24/05/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

The ReDi Restaurant Reservation WordPress plugin prior to 21.0426 lets site visitors make restaurant reservations. These reservations are stored and can be listed on an 'Upcoming' page provided by the plugin. An unauthenticated user can fill in the reservation form, and its 'Comment' field is not properly validated, so it can be used to store XSS payloads. The payload executes when the plugin user opens the 'Upcoming' page, which is an external site (upcoming.reservationdiary.eu/) loaded in an iframe, and the stored reservation containing the payload is rendered there.

Vulnerable Product

catzsoft redi restaurant reservation

Exploits

WordPress ReDi Restaurant Reservation plugin version 210307 suffers from a persistent cross site scripting vulnerability ...