Vulnerabilities > Classroombookings

DATE CVE VULNERABILITY TITLE RISK
2023-01-20 CVE-2023-23012 Cross-site Scripting vulnerability in Classroombookings 2.6.4
Cross Site Scripting (XSS) vulnerability in craigrodway classroombookings 2.6.4 allows attackers to execute arbitrary code or other unspecified impacts via the input bgcol in file Weeks.php.
network
low complexity
classroombookings CWE-79
6.1
2020-12-14 CVE-2020-35382 SQL Injection vulnerability in Classroombookings
SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user.
network
low complexity
classroombookings CWE-89
6.5