Filtered by vendor Gappointments Subscriptions
Filtered by product Gappointments Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-2705 1 Gappointments 1 Gappointments 2024-09-26 6.1 Medium
The gAppointments WordPress plugin before 1.10.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin
CVE-2023-2707 1 Gappointments 1 Gappointments 2024-08-02 4.8 Medium
The gAppointments WordPress plugin through 1.9.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)