MidnightBSD

Advisories for classroombookings

CVE-2020-35382 MEDIUM

SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
classroombookings classroombookings *
CVE-2023-23012

Cross Site Scripting (XSS) vulnerability in craigrodway classroombookings 2.6.4 allows attackers to execute arbitrary code or other unspecified impacts via the input bgcol in file Weeks.php.

Products Affected

Vendor Product Version
classroombookings classroombookings 2.6.4