Vulnerabilities > Twinkletoessoftware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-22 | CVE-2023-24058 | Unspecified vulnerability in Twinkletoessoftware Booked 2.5.5 Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. | 4.3 |
| 2022-07-26 | CVE-2022-30706 | Open Redirect vulnerability in Twinkletoessoftware Booked Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL. | 6.1 |