Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS.This issue affects Court Reservation: from n/a through <= 1.10.13.
Published: 2026-02-20
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a reflected cross‑site scripting flaw resulting from improper neutralization of user input during web page generation. An attacker can embed malicious script payloads into specially crafted URLs or form inputs that are then executed in the browser of any victim who views the reflected content. This can lead to session hijacking, credential theft, defacement, or compromise of the client side. The weakness is identified as CWE‑79.

Affected Systems

The Court Reservation plugin developed by webmuehle is affected in all releases up to and including version 1.10.13. No other vendors or product versions are listed as impacted.

Risk and Exploitability

The CVSS score of 7.1 classifies the vulnerability as high severity, while the EPSS score of less than 1 % indicates a low probability of exploitation at the time of assessment. Since the flaw is a reflected XSS, the attacker typically needs only to persuade a victim to visit a malicious URL or submit a crafted form; no authentication or privileged access is required. The vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on April 29, 2026 at 14:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Court Reservation plugin to the latest available version (e.g., 1.10.14 or later) to apply the vendor’s fix.
  • Configure a strong content‑security‑policy to disallow inline scripts and restrict script sources.
  • Ensure that all user input is properly validated and escaped before being rendered in the page output.

Generated by OpenCVE AI on April 29, 2026 at 14:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS.This issue affects Court Reservation: from n/a through <= 1.10.11. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS.This issue affects Court Reservation: from n/a through <= 1.10.13.
Title WordPress Court Reservation plugin <= 1.10.11 - Cross Site Scripting (XSS) vulnerability WordPress Court Reservation plugin <= 1.10.13 - Cross Site Scripting (XSS) vulnerability

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS.This issue affects Court Reservation: from n/a through <= 1.10.9. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS.This issue affects Court Reservation: from n/a through <= 1.10.11.
Title WordPress Court Reservation plugin <= 1.10.9 - Cross Site Scripting (XSS) vulnerability WordPress Court Reservation plugin <= 1.10.11 - Cross Site Scripting (XSS) vulnerability

Mon, 23 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Webmuehle
Webmuehle court Reservation
Wordpress
Wordpress wordpress
Vendors & Products Webmuehle
Webmuehle court Reservation
Wordpress
Wordpress wordpress

Fri, 20 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webmuehle Court Reservation court-reservation allows Reflected XSS.This issue affects Court Reservation: from n/a through <= 1.10.9.
Title WordPress Court Reservation plugin <= 1.10.9 - Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References

Subscriptions

Webmuehle Court Reservation
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:31.798Z

Reserved: 2025-12-24T14:00:10.434Z

Link: CVE-2025-68852

cve-icon Vulnrichment

Updated: 2026-02-23T21:46:05.073Z

cve-icon NVD

Status : Deferred

Published: 2026-02-20T16:22:13.983

Modified: 2026-04-23T15:36:09.337

Link: CVE-2025-68852

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T14:45:13Z

Weaknesses