Arbitrary Code Execution Vulnerability in craigrodway classroombookings 2.6.4 via bgcol Parameter in Weeks.php

CVE-2023-23012 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Cross Site Scripting (XSS) vulnerability in craigrodway classroombookings 2.6.4 allows attackers to execute arbitrary code or other unspecified impacts via the input bgcol in file Weeks.php.
