cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-2707,https://securityvulnerability.io/vulnerability/CVE-2023-2707,Appointment booking addon for Gravity Forms <= 1.9.5.1 - Admin+ Stored XSS,"The gAppointments WordPress plugin through 1.9.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,Gappointments,4.8,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2023-11-27T17:15:00.000Z,0
CVE-2023-2705,https://securityvulnerability.io/vulnerability/CVE-2023-2705,Appointment booking addon for Gravity Forms < 1.10.0 - Reflected Cross-Site Scripting,"The gAppointments WordPress plugin before 1.10.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin",Wordpress,Gappointments,6.1,MEDIUM,0.0006600000197067857,false,,false,false,false,,false,false,2023-09-11T20:15:00.000Z,0