Totally Secure

Security Information and News

NVD NVD Nist GOV

NVD – CVE-2020-25445

ByTotally Secure

Jul 16, 2021
Changed Description 
Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0. The “Subscribe” feature of the application is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result, when an admin in the backend downloads and opens the CSV, the content of the cells is executed. Vulnerable fields: First name and Last name of the “Subscribe” request.
The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. The input containing the excel formula is not being sanitized by the application. As a result when admin in backend download and open the csv, content of the cells are executed.

By Totally Secure

Related Post

NVD NVD Nist GOV

NVD – CVE-2017-20187

Nov 7, 2023 Totally Secure
NVD NVD Nist GOV

NVD – CVE-2017-7252

Nov 7, 2023 Totally Secure
NVD NVD Nist GOV

NVD – CVE-2018-25092

Nov 7, 2023 Totally Secure

You missed

CISA Bulletins Security US Cert

Vulnerability Summary for the Week of November 11, 2024

November 19, 2024 Totally Secure
CISA Bulletins Security US Cert

Vulnerability Summary for the Week of November 4, 2024

November 13, 2024 Totally Secure
CISA Bulletins Security US Cert

Vulnerability Summary for the Week of October 28, 2024

November 5, 2024 Totally Secure
CISA Bulletins Security US Cert

Vulnerability Summary for the Week of October 21, 2024

October 29, 2024 Totally Secure