Cross Site Scripting Vulnerability in ClassroomBookings by Craig Rodway
CVE-2023-23012

6.1 MEDIUM

Key Information:

Vendor
CVE Published: 20 January 2023

What is CVE-2023-23012?

A Cross Site Scripting (XSS) vulnerability in ClassroomBookings version 2.6.4 allows attackers to execute arbitrary code or cause other impacts by manipulating the 'bgcol' input parameter in the Weeks.php file. The flaw can be used to exploit user sessions or manipulate web content, compromising the integrity of the application and potentially affecting its users.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
