Vulnerability Description
Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wpbookingsystem | Wp Booking System | <= 1.3.3 |
Related Weaknesses (CWE)
References
- http://jvndb.jvn.jp/jvndb/JVNDB-2017-000092Third Party AdvisoryVDB Entry
- https://jvn.jp/en/jp/JVN96165722/index.htmlThird Party AdvisoryVDB Entry
- https://wordpress.org/plugins/wp-booking-system/#developersRelease NotesVendor Advisory
- https://wpvulndb.com/vulnerabilities/8830
- http://jvndb.jvn.jp/jvndb/JVNDB-2017-000092Third Party AdvisoryVDB Entry
- https://jvn.jp/en/jp/JVN96165722/index.htmlThird Party AdvisoryVDB Entry
- https://wordpress.org/plugins/wp-booking-system/#developersRelease NotesVendor Advisory
- https://wpvulndb.com/vulnerabilities/8830
FAQ
What is CVE-2017-2168?
CVE-2017-2168 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web scr...
How severe is CVE-2017-2168?
CVE-2017-2168 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-2168?
Check the references section above for vendor advisories and patch information. Affected products include: Wpbookingsystem Wp Booking System.