Salon booking system < 9.6.6 – Editor+ Stored XSS | CVE 2024-2439 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Proof of Concept

1. Go to "Salon > Services > Add New Service"
2. For the service name, enter: `<script<script>>alert(document.cookie)</script<script>` and save
3. Go to "Assistants" and edit an assistant
4. Click on "Limit reservations to the following services" to see the XSS

Affects Plugins

salon-booking-system

Fixed in 9.6.6

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

Miscellaneous

Submitter

cyc707

Verified

Yes

WPVDB ID

7a375077-fc70-4389-b109-28fce3db2aef

Timeline

Publicly Published

2024-04-05 (about 1 months ago)

Added

2024-04-05 (about 1 months ago)

Last Updated

2024-04-26 (about 24 days ago)

Other

Published

Title

Published

2015-05-06

Title

ClickBank Affiliate Ads < 1.35 - CSRF to Stored Cross-Site Scripting

Published

2023-07-10

Title

Mail Control < 0.3.2 - Unauthenticated Stored XSS via Email Subject

Published

2023-05-22

Title

WP-Hijri < 1.5.2 - Reflected XSS

Published

2021-08-09

Title

Clean Login 1.12.6.3 - Reflected Cross-Site Scripting

Published

2024-03-28

Title

Stackable < 3.12.12 - Contributor+ Stored XSS via Posts Block