Availability Booking Calendar PHP - Stored XSS and Unrestricted File Upload

Read Time:21 Second

Posted by Andrey Stoykov on Jul 25

# Exploit Title: Availability Booking Calendar PHP – Multiple Issues
# Date: 07/2023
# Exploit Author: Andrey Stoykov
# Tested on: Ubuntu 20.04
# Blog: http://msecureltd.blogspot.com

XSS #1:

Steps to Reproduce:

1. Browse to Bookings
2. Select All Bookings
3. Edit booking and select Promo Code
4. Enter payload TEST”><script>alert(`XSS`)</script>

// HTTP POST request

POST…

llama-cpp-b4094-11.fc42

FEDORA-2025-b356588c06 Packages in this update: llama-cpp-b4094-11.fc42 Update description: Fix bz2358011 Read More

April 10, 2025

USN-7431-1: HAProxy vulnerability

Aleandro Prudenzano and Edoardo Geraci discovered that HAProxy incorrectly handled certain uncommon configurations that replace multiple short patterns with a...

April 10, 2025

ZDI-CAN-26569: Siemens

A CVSS score 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2025-04-10, 0 days...

April 10, 2025