CVE-2024-7877
Published 2024-11-05
Priority P4 · 18 · medium · 4.8 · CVSS 3.1
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.36% (27.7th percentile)
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high-privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nsqua | simply_schedule_appointments | < 1.6.7.55 | 1.6.7.55 |
Suricata
ET EXPLOIT VMware Spring Cloud Directory Traversal (CVE-2020-5410) [HIGH]
suricata · 2020-06-15 · CVSS 7.5
The indexed rule is written for CVE-2020-5410, not CVE-2024-7877: it matches a double-encoded traversal sequence in the raw request URI and does not cover the stored XSS in the plugin's Notification settings described above.
Rule:
```
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET EXPLOIT VMware Spring Cloud Directory Traversal (CVE-2020-5410)"; flow:established,to_server; http.method; content:"GET"; http.uri.raw; content:"/..%252F..%252F"; nocase; fast_pattern; reference:url,xz.aliyun.com/t/7877; reference:cve,2020-5410; classtype:attempted-admin; sid:2030337; rev:2; metadata:affected_product VMware, created_at 2020_06_15, cve CVE_2020_5410, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_26, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name File_And_Directory_Discovery;)
```
No public exploits indexed.
No writeups or analysis indexed.