CVE-2022-43487

CVSS V2 None CVSS V3 None

Description

Cross-site scripting vulnerability in Salon booking system versions prior to 7.9 allows a remote unauthenticated attacker to inject an arbitrary script.

Overview

CVE ID
CVE-2022-43487

Assigner
vultures@jpcert.or.jp

Vulnerability Status
Analyzed

Published Version
2022-12-05T04:15:10.400

Last Modified Date
2022-12-06T13:10:34.063

Weakness Enumerations

CWE	URL
CWE-79	http://cwe.mitre.org/data/definitions/79.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version Start	Version End
cpe:2.3:a:salonbookingsystem:salon_booking_system::::::wordpress::*	1	OR		7.9

References

Reference URL	Reference Tags
https://jvn.jp/en/jp/JVN59663854/index.html	Third Party Advisory
https://wordpress.org/plugins/salon-booking-system/	Product
https://www.salonbookingsystem.com/	Product Vendor Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2022-43487
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43487

History

Created	Old Value	New Value	Data Type	Notes
2022-12-07 18:06:26				Added to TrackCVE