cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9240,https://securityvulnerability.io/vulnerability/CVE-2024-9240,Unprotected Cross-Site Scripting Vulnerability in Reservation plugin for WordPress,"The ReDi Restaurant Reservation plugin for WordPress exhibits a vulnerability related to Reflected Cross-Site Scripting due to inadequate escaping when using the add_query_arg function. This vulnerability allows unauthenticated attackers to manipulate URLs and inject arbitrary scripts into web pages. When victims execute actions, such as clicking on a malicious link, the injected scripts can be triggered, facilitating potential exploitation. Users of the ReDi plugin are advised to review their implementation and apply necessary security measures to mitigate risks associated with this vulnerability.",Wordpress,Redi Restaurant Reservation,6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-10-17T02:06:03.971Z,0
CVE-2021-24299,https://securityvulnerability.io/vulnerability/CVE-2021-24299,ReDi Restaurant Reservations < 21.0426 - Unauthenticated Stored Cross-Site Scripting (XSS),"The ReDi Restaurant Reservation WordPress plugin before 21.0426 provides the functionality to let users make restaurant reservations. These reservations are stored and can be listed on an 'Upcoming' page provided by the plugin. An unauthenticated user can fill in the form to make a restaurant reservation. The form to make a restaurant reservation field called 'Comment' does not use proper input validation and can be used to store XSS payloads. The XSS payloads will be executed when the plugin user goes to the 'Upcoming' page, which is an external website https://upcoming.reservationdiary.eu/ loaded in an iframe, and the stored reservation with XSS payload is loaded.",Wordpress,Redi Restaurant Reservation,6.1,MEDIUM,0.0009299999801442027,false,,false,false,false,,false,false,2021-05-17T16:48:53.000Z,0