Skip to content

CVE-2023-36384 | Booking Calendar Contact Form

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeople Booking Calendar Contact Form plugin <= 1.2.40 versions..This CVE has a CVSS3.1 score of 7.1 and a Base Severity of HIGH.

InfoDetails
CVE IDCVE-2023-36384
CVE StatePUBLISHED
BaseScore7.1
BaseSeverityHIGH
VectorStringCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
VersionNA

References for CVE-2023-36384 :
https://patchstack.com/database/vulnerability/booking-calendar-contact-form/wordpress-booking-calendar-contact-form-plugin-1-2-40-cross-site-scripting-xss?_s_id=cve

Metric TypeMetric Score
AttackVector(AV)NETWORK
AttackComplexity(AC)LOW
PrivilegesRequired(PR)NONE
UserInteraction(UI)REQUIRED
Scope(S)CHANGED
Confidentiality(C)LOW
Availability(A)LOW
Integrity(I)LOW
Tags: