CVE-2024-2101 (GCVE-0-2024-2101)
Vulnerability from cvelistv5 – Published: 2024-04-17 05:00 – Updated: 2024-08-01 19:03
VLAI?
Title
WordPress Plugin Salon Booking System < 9.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS)
Summary
The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Customers' page and the malicious script is executed in the admin context.
Severity ?
5.7 (Medium)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Salon booking system |
Affected:
0 , < 9.6.3
(semver)
|
Credits
Priyanka Pande
WPScan
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:salonbookingsystem:salon_booking_system:-:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "salon_booking_system",
"vendor": "salonbookingsystem",
"versions": [
{
"lessThanOrEqual": "9.6.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-2101",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-19T20:56:46.856425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T13:56:45.727Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:03:38.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/b3a0bb3f-50b2-4dcb-b23c-b08480363a4a/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Salon booking system",
"vendor": "Unknown",
"versions": [
{
"lessThan": "9.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Priyanka Pande"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the \u0027Mobile Phone\u0027 field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the \u0027Customers\u0027 page and the malicious script is executed in the admin context."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-17T05:00:02.552Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/b3a0bb3f-50b2-4dcb-b23c-b08480363a4a/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WordPress Plugin Salon Booking System \u003c 9.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS)",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-2101",
"datePublished": "2024-04-17T05:00:02.552Z",
"dateReserved": "2024-03-01T16:17:36.665Z",
"dateUpdated": "2024-08-01T19:03:38.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the \u0027Mobile Phone\u0027 field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the \u0027Customers\u0027 page and the malicious script is executed in the admin context.\"}, {\"lang\": \"es\", \"value\": \"El complemento Salon booking system de WordPress anterior a 9.6.3 no sanitiza adecuadamente ni escapa del campo \\\"Tel\\u00e9fono m\\u00f3vil\\\" al reservar una cita, lo que permite a los clientes realizar ataques de Cross-Site Scripting Almacenado. El payload se activa cuando un administrador visita la p\\u00e1gina \\\"Clientes\\\" y el script malicioso se ejecuta en el contexto del administrador.\"}]",
"id": "CVE-2024-2101",
"lastModified": "2024-11-21T09:09:02.193",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 5.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 3.6}]}",
"published": "2024-04-17T05:15:48.597",
"references": "[{\"url\": \"https://wpscan.com/vulnerability/b3a0bb3f-50b2-4dcb-b23c-b08480363a4a/\", \"source\": \"contact@wpscan.com\"}, {\"url\": \"https://wpscan.com/vulnerability/b3a0bb3f-50b2-4dcb-b23c-b08480363a4a/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Awaiting Analysis"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-2101\",\"sourceIdentifier\":\"contact@wpscan.com\",\"published\":\"2024-04-17T05:15:48.597\",\"lastModified\":\"2025-04-14T13:42:18.963\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the \u0027Mobile Phone\u0027 field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the \u0027Customers\u0027 page and the malicious script is executed in the admin context.\"},{\"lang\":\"es\",\"value\":\"El complemento Salon booking system de WordPress anterior a 9.6.3 no sanitiza adecuadamente ni escapa del campo \\\"Tel\u00e9fono m\u00f3vil\\\" al reservar una cita, lo que permite a los clientes realizar ataques de Cross-Site Scripting Almacenado. El payload se activa cuando un administrador visita la p\u00e1gina \\\"Clientes\\\" y el script malicioso se ejecuta en el contexto del administrador.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.1,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:salonbookingsystem:salon_booking_system:*:*:*:*:*:wordpress:*:*\",\"versionEndExcluding\":\"9.6.3\",\"matchCriteriaId\":\"51D9372B-FDCB-4563-A63E-2F27BD9BDB59\"}]}]}],\"references\":[{\"url\":\"https://wpscan.com/vulnerability/b3a0bb3f-50b2-4dcb-b23c-b08480363a4a/\",\"source\":\"contact@wpscan.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://wpscan.com/vulnerability/b3a0bb3f-50b2-4dcb-b23c-b08480363a4a/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://wpscan.com/vulnerability/b3a0bb3f-50b2-4dcb-b23c-b08480363a4a/\", \"tags\": [\"exploit\", \"vdb-entry\", \"technical-description\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T19:03:38.483Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-2101\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-19T20:56:46.856425Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:salonbookingsystem:salon_booking_system:-:*:*:*:*:wordpress:*:*\"], \"vendor\": \"salonbookingsystem\", \"product\": \"salon_booking_system\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.6.3\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-04-19T20:55:47.486Z\"}}], \"cna\": {\"title\": \"WordPress Plugin Salon Booking System \u003c 9.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS)\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Priyanka Pande\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"value\": \"WPScan\"}], \"affected\": [{\"vendor\": \"Unknown\", \"product\": \"Salon booking system\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"9.6.3\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://wpscan.com/vulnerability/b3a0bb3f-50b2-4dcb-b23c-b08480363a4a/\", \"tags\": [\"exploit\", \"vdb-entry\", \"technical-description\"]}], \"x_generator\": {\"engine\": \"WPScan CVE Generator\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the \u0027Mobile Phone\u0027 field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the \u0027Customers\u0027 page and the malicious script is executed in the admin context.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-79 Cross-Site Scripting (XSS)\"}]}], \"providerMetadata\": {\"orgId\": \"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81\", \"shortName\": \"WPScan\", \"dateUpdated\": \"2024-04-17T05:00:02.552Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-2101\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T19:03:38.483Z\", \"dateReserved\": \"2024-03-01T16:17:36.665Z\", \"assignerOrgId\": \"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81\", \"datePublished\": \"2024-04-17T05:00:02.552Z\", \"assignerShortName\": \"WPScan\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…