Vulnerabilities > Bookingcore > Booking Core > 1.7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-14 | CVE-2020-25444 | Cross-site Scripting vulnerability in Bookingcore Booking Core 1.7.0 Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 via the (1) "About Yourself” section under the “My Profile” page, " (2) “Hotel Policy” field under the “Hotel Details” page, (3) “Pricing code” and “name” fields under the “Manage Tour” page, and (4) all the labels under the “Menu” section. | 5.4 |
| 2021-07-14 | CVE-2020-25445 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Bookingcore Booking Core 1.7.0 The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula injection. | 7.8 |
| 2021-07-14 | CVE-2020-27379 | Cross-Site Request Forgery (CSRF) vulnerability in Bookingcore Booking Core 1.7.0 Cross Site Request Forgery (CSRF) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.0 . | 6.5 |