CVE-2020-25445

Cross Site Scripting (XSS) vulnerability in Booking Core – Ultimate Booking System Booking Core 1.7.0. The “Subscribe” feature of the application is vulnerable to CSV formula injection. Input containing an Excel formula is not sanitized by the application. As a result, when an admin in the backend downloads and opens the CSV, the content of the cells is executed. Vulnerable fields: First name and Last name of the “Subscribe” request.
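A defensive export routine for the issue described above, as an added example that is not Booking Core's own code: it neutralizes cells that a spreadsheet would evaluate before the CSV is written. It is written in Python for illustration, and the function names, column names and sample rows are assumptions constructed here.

```python
import csv
import io

# Leading characters that make a spreadsheet treat a cell as a formula
# (the set recommended in the OWASP CSV-injection guidance).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return the value as text that a spreadsheet will not evaluate."""
    text = "" if value is None else str(value)
    # Some importers skip leading spaces, so test the first non-space
    # character. Prefixing a single quote forces the cell to plain text.
    if text.lstrip(" ").startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def export_subscribers(rows):
    """Build the subscriber CSV with every cell neutralized and quoted."""
    columns = ("first_name", "last_name", "email")  # hypothetical column names
    out = io.StringIO()
    # QUOTE_ALL keeps commas and quotes inside a value from starting a new
    # cell, which would otherwise let a payload escape the neutralized prefix.
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\r\n")
    writer.writerow(columns)
    for row in rows:
        writer.writerow([neutralize_cell(row.get(col)) for col in columns])
    return out.getvalue()


# Constructed sample data: one ordinary subscriber and one whose name fields
# carry harmless formula text, mirroring the vulnerable Subscribe fields.
SAMPLE = [
    {"first_name": "Alice", "last_name": "Nguyen", "email": "alice@example.com"},
    {"first_name": "=1+1", "last_name": "@SUM(A1:A2)", "email": "bob@example.com"},
]

if __name__ == "__main__":
    print(export_subscribers(SAMPLE))
```

Because the prefix also applies to legitimate values such as negative numbers, apply it to free-text fields like names rather than to numeric columns.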

Source: CVE-2020-25445
