Arbitrary Code Execution Vulnerability in craigrodway classroombookings 2.6.4 via bgcol Parameter in Weeks.php
CVE-2023-23012 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Cross Site Scripting (XSS) vulnerability in craigrodway classroombookings 2.6.4 allows attackers to execute arbitrary code or other unspecified impacts via the input bgcol in file Weeks.php.
Learn more about our Web Application Penetration Testing UK.