CVE-2024-9806

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-9806
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9806.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-9806
Published
2024-10-10T19:15:17Z
Modified
2024-10-18T00:01:50.435579Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A vulnerability has been found in Craig Rodway Classroombookings up to 2.8.6 and classified as problematic. This vulnerability affects unknown code of the file /rooms/fields of the component Room Page. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.7 is able to address this issue. It is recommended to upgrade the affected component. The project maintainer was contacted early about the disclosure. He responded very quickly, friendly, and professional.

References

Affected packages

Git / github.com/craigrodway/classroombookings

Affected ranges

Type
GIT
Repo
https://github.com/craigrodway/classroombookings
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

v2.*

v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.2.0
v2.3.0
v2.3.0-beta.1
v2.3.0-beta.2
v2.3.1
v2.3.2
v2.4.0
v2.4.1
v2.5.0
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.8.5
v2.8.6