CVE-2023-27918

State: PUBLISHED · Published: 2023-05-10 · Updated: 2025-01-27 · Assigner: jpcert

Description

Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in the WordPress where the product is installed visit a malicious URL.

CWE

CWE-79 — CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected

TMS / Appointment and Event Booking Calendar for WordPress - Amelia — v=versions prior to 1.0.76 [affected]

CVSS

(none)

References

https://wordpress.org/plugins/ameliabooking/#developers
https://jvn.jp/en/jp/JVN00971105/

Source

cvelistV5-main/cves/2023/27xxx/CVE-2023-27918.json